Sentrigo is looking to bring database security to the cloud by making its Hedgehog Enterprise and vPatch products available on Amazon Elastic Compute Cloud (Amazon EC2).
By providing database activity monitoring, intrusion prevention and virtual patching, the move is meant to help organizations deal with the compliance issues posed by storing data in the cloud.
“It’s clear to us that three or five years from now, cloud computing will be a core part of every enterprise IT strategy,” said Slavik Markovich, CTO of Sentrigo. “But for now, organizations still see obstacles to adoption, and the biggest of those are security and compliance. All the benefits of cloud computing sound good, but if your applications store sensitive data, and especially if it is governed by regulations like PCI-DSS or HIPAA, or SOX, you can’t go there yet.”
While the cloud doesn’t really alter the threat landscape for databases, the techniques and approaches for securing that data must change, Markovich added.
“Traditional perimeter security models fail, as there really is no perimeter to protect,” he said. “Traditional network monitoring models fail, as the network topology is highly dynamic and not physically accessible. Have you ever tried to ship Amazon a security appliance to install next to your virtual server on EC2? (It) doesn’t make sense.”
“So, the hacker’s life hasn’t really changed, but the environment we are protecting is much more challenging and requires an updated security approach,” he continued. “We think that a distributed architecture will replace network-sniffing appliances in nearly all security areas as more and more enterprises move to the cloud.”
The company noted that Hedgehog is built on a distributed model that uses autonomous sensors to monitor databases wherever they are hosted, and that packaging Hedgehog into an Amazon Machine Image allows the products to be installed on Amazon EC2 in minutes.
“(Enterprises) need to know that the data is safe, and that you can prove that to your auditors,” the CTO said. “For Sentrigo, we have an architecture that fits perfectly with the cloud, by distributing the security implementation wherever the servers are, and still managing and reporting on them centrally from behind your firewall.”