Imperva has introduced the Imperva Snapshot service, a free cloud data security posture assessment for Amazon Relational Database Service (Amazon RDS) managed databases.
The Imperva Snapshot service can be deployed by a security team member of any experience level in seconds, to analyse the sensitivity and security posture of the data and take action accordingly, the company states.
Privacy regulations and consumer expectations around the secure storage of their data continue to evolve. To aid in this, an Imperva Snapshot assessment lets teams quickly assess the status of their databases and the data stored, to identify non-compliance with privacy regulations as well as compliance requirements for cloud data stores.
The Imperva Snapshot service also flags for sensitive data that may require additional action in response to a Data Subject Access Request (DSAR), where an individual asks a business about what personal information of theirs has been collected, stored, and used.
Overall, it enables an organisation to assess its Database-as-a-Service (DBaaS) for security risks and privacy compliance issues, and helps teams to intermittently review their security and compliance status, providing visibility into sensitivity of the data, its classification, excessive privileges, configuration drifts, encryption issues and more.
The new service uses patent-pending technology that saves a temporary restored copy of a database in an isolated sandbox environment, ensuring all data stays within an owned AWS account.
Imperva states,the service analyses the data security posture of Amazon RDS instances in four primary ways.
- Infrastructure posture assessment: Reviews AWS security configurations and cloud environment settings
- Database configuration assessment: Analyses system tables, database roles, database user information, misconfigurations, and bad practices
- Vulnerability assessment: Identifies and catalogs database vulnerabilities according to publicly disclosed Common Vulnerability and Disclosures (CVEs)
- Data classification: Identifies sensitive content that may have a privacy impact.
Imperva chief innovation officer Elad Erez says, "Managed databases are one of the most popular cloud services, and quite often, those databases hold the most sensitive data of an organisation.
"When not maintained properly, misconfigurations, bad practices, and vulnerable unpatched databases may put the data at risk.
"There are many posture assessments tools available, but most offer no context about the data, rely solely on the cloud vendor API, or are difficult to configure."
He says, “This is why we created this cloud-native data-aware security posture service, delivered through a low-touch, zero configuration approach, which anyone can use in a manner of seconds, at no charge.
"This should help practitioners through their cloud migration journey, to get full visibility on which data they hold and its true data-aware security posture.
Imperva Cloud Data Security is a key component of Imperva Data Security. Imperva Data Security safeguards data on-premises by discovering sensitive data and monitoring all data activity delivered as software as a service (SaaS).