Database Security for Amazon RDS

By McAfee Cloud BU on May 31, 2019

It’s all about the data! In today’s corporate environment, databases sit behind scores of peripheral technologies in the hope of protecting, and minimizing access to, the sensitive information they contain. These take the form of firewalls, web application protection, data masking/encryption/tokenization, etc. In this blog, we show organizations that a departure from “normal” is easily achieved with a fundamental cloud strategy. This in turn allows organizations to accelerate their move to the cloud with obvious advantages and cost savings.

A traditional database, whatever its use (applications, websites, or business data storage, query and processing), is quite expensive and not nearly as useful as its cloud counterpart. However, organizations routinely built these databases, for various reasons, in traditional data centers that they control, to protect their organization. As more databases transition to cloud workloads, protecting those assets becomes problematic because traditional datacenter defenses fall short.



Today, most leadership groups prefer cloud deployments for several reasons. The main ones are cost and business agility. Cloud infrastructure services, like AWS, allow organizations to deploy and scale rapidly and to be “agile”, where traditional database deployments do not. In addition, a cloud deployment will drastically reduce the myth list above.

AWS has a brilliant and prolific service and role system. Predominantly, this is the AWS feature known as IAM Roles. As the infrastructure is built for these databases, the proper context for those who develop applications or queries (developers or business owners) can be applied to ensure the database is secured first at the network layer, then on a per-user basis. Users can only reach, and do, the things the IAM policy allows them to.


[Figure: AWS IAM roles diagram]


For DBAs, the same is true. In most cases, they will need elevated rights, but network controls (boundaries, network ACLs), proper authentication, and logging allow for understanding user activity (more on this later).

Lastly, from an agility point of view, applications can now fit a much stronger model; elastic growth and optimization provided by RDS allow for even internal apps to move to AWS, along with the business result of expanding public-facing applications.

As database workloads extend to the cloud, the myth is that databases are secure, when in fact database security issues are exacerbated because organizations no longer have full control of security. Organizations rely on the cloud providers to safeguard their data.

To extend the security capabilities that McAfee brings, consider the joint product offering from Amazon Relational Database Service (RDS) and McAfee. McAfee Database Activity Monitoring (DAM) puts the pedigree of McAfee security into RDS. In fact, the solution supports a hybrid model, where traditional databases will still be active while a cloud transformation (new databases in AWS) takes hold. This allows real-time database activity monitoring tools to exist in both customer environments, unifying visibility for the customer. McAfee’s Database Activity Monitoring is an easy-to-deploy and highly scalable solution that provides a means of fully protecting databases on-premises, purely in the cloud, and in a hybrid environment with the same common tool. The user experience, whether in the cloud or on-premises, is the same.

McAfee DAM protects data from all threats by monitoring activity on each database server and providing awareness of malicious behaviors in real time, even when virtualized and/or in the cloud with RDS. Working with AWS, McAfee helps customers build security and event management ecosystems in a flexible and intuitive way.


About the Author

McAfee Cloud BU
