The term “shadow data” is superseding the graying “shadow IT,” according to data security company Laminar Ltd., which has been developing applications to handle emerging threats.
The company is talking about leaky development database environments caused by new-found freedoms generated for programmers, DevOps and so on, caused by a shift to cloud and multicloud. There are increasingly shadow data assets and elements security teams had no idea existed, according to Andy Smith (pictured), chief marketing officer of Laminar.
He explained his premise: “Everybody knows the main [AWS Relational Database Service] that is in production, and this is where our data is taken from. But what people don’t realize is there’s a copy of that.”
Smith spoke with theCUBE industry analyst Dave Vellante at AWS re:Inforce, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed new threats caused by cloud and multicloud. (* Disclosure below.)
A secure database isn’t the problem
Smith poses scenarios: “There was an original SQL database left over from a lift-and-shift project that got moved to RDS, but nobody deleted that thing,” he used as an example. “Somebody went to run a test and they were supposed to be there for two weeks, but then that developer forgot, left it there,” is another example. “Oh, now it’s been there for two years” is the chilling result.
It’s what the attackers are now after because they know the main database is secure. Securing these growing holes across clouds through automation is all about analyzing what data is in the respective client’s cloud account — whether it be credit cards, personal data, or whatever, Smith explained.
By classifying what’s there, one can apply retention periods, access and so on. Importantly, the dev, thus, doesn’t actually have to be restricted in his or her activities — they can still perform dev work in a fluid multicloud environment.
There’s a “gap with data security teams, and that’s what we’re here to address,” Smith stated.
Verifying that security policy is actually being adopted, from inside the customer’s AWS account, so no data leaves that account, is Laminar’s offering.
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the AWS re:Inforce event:
(* Disclosure: Laminar Ltd. sponsored this segment of theCUBE. Neither Laminar nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)