Which Security Threats Affect a Data Warehouse?
Data warehouses are a valuable target for hackers and other criminals – they hold a treasure trove of confidential information. Below are six threats that put your data warehouse at risk:
- Unauthenticated users
- Unauthorised users
- The wrong people can access the data warehouse
- Unencrypted data at rest
- Security measures that negatively impact data warehouse performance
- A lack of good governance
Authentication ensures that you are who you say you are. In the context of a data warehouse, authentication takes place when a user enters a user name and password.
Without authenticating users, you could have people poking around in your data warehouse who don’t belong there. Even if they don’t steal any data, unauthenticated users still present a significant cloud security risk.
Authorisation is the step after authentication – it gives a user permission to access a data warehouse. While authentication is essential, you need to add authorisation to the process to ensure that the person should be allowed to use the data warehouse.
We’ll illustrate with an example: Jane works in the facilities management department. None of her daily duties requires the use of the data warehouse, so it should raise red flags if she tries to access it.
The Wrong People Can Access the Data Warehouse
Authentication and authorisation are all well and good, so long as the right people have access to a data warehouse. When you let people use the data warehouse that shouldn’t be using it, that’s when the trouble starts.
We’ll go back to the previous example. Let’s say Jane’s company has given blanket access to all employees to the data warehouse. Even though Jane shouldn’t have access to the data warehouse, she does; that could create a security risk for the organisation.
Unencrypted Data at Rest
Encryption protects data by transforming it into an unbreakable code. You can only access data with an encryption key.
When people think about the greatest risk for unencrypted data, the transmission process most likely comes to mind; a hacker could access it as it travels from endpoint to endpoint. However, unencrypted data at rest (data that isn’t being transmitted) also represents a significant security risk.
Security Measures Negatively Impact Data Warehouse Performance
Sometimes, security measures designed to protect a data warehouse have a negative impact on its performance.
This creates two problems:
- Users have difficulty accessing the data they need to make decisions
- Users find workarounds to get past the security features, putting data at risk
A Lack of Good Governance
‘Good governance’ means that you put rules and procedures in place that make sure the data warehouse runs smoothly and that you keep information safe.
The problem with good governance is that it can be very tricky to put into place. It requires planning and enforcement, and many companies don’t have the resources for either of those things.
Best Security Practices to Protect Your Azure Cloud Data Warehouse
There are several best practices you should follow to maintain Azure security:
- Use authentication and authorisation policies
- Control access to the data warehouse
- Encrypt data at rest
- Ensure good governance is in place
- Use Authentication and Authorisation Policies
The combination of authentication and authorisation ensures that users are who they say they are, and they have permission to access the data warehouse. With authentication and authorisation, you don’t have to worry about someone outside the organisation trying to access confidential data.
Azure cloud security makes it easy to authenticate and authorise users with built-in features. You don’t need to worry about third-party solutions, so cloud security is simple.
Control Access to the Data Warehouse
In addition to authentication and authorisation, role-based control access protects your data warehouse from the wrong people (even if they work for you). We’ll revisit the example of Jane. Jane’s role doesn’t involve accessing the data warehouse, so she shouldn’t be able to get in. The company should remove blanket access and limit it to the roles that need it most.
Azure’s cloud security has built-in role-based access control. You decide who should have access to your data warehouse; roles that don’t need access won’t automatically receive it, which protects confidential information.
Encrypt Data at Rest
Data at rest is at risk from hackers. It needs to be protected through encryption just as you would with data travelling between endpoints.
Azure security features include data encryption for data at rest. It gives you peace of mind that your confidential information will stay safe.
Ensure Good Governance Is in Place
Rules and enforcement are a crucial part of cloud security. Rules determine who can access the data warehouse and what procedures they have to follow to access the data warehouse. Enforcement makes sure that employees follow those rules so they don’t put your data at risk.
Yes, good governance takes effort – you need the resources in place to plan rules and policies and to monitor enforcement. However, protecting your data warehouse from threats saves you time, money, and reputational damage, so it’s worth it.
Other Built-In Azure Security Features
Azure has a number of built-in security features in addition to the ones mentioned above. We’ll talk briefly about two more:
- Network service endpoints restrict and secure traffic
- Audits and advanced threat protection alerts you to potential security threats
Virtual network service endpoints control communications from subnets in virtual networks, so suspicious traffic can’t affect your network. Additionally, Azure security’s Advanced Threat Protection detects irregular activities which could indicate an attempted exploit.
Let Enlighten Help You Protect Your Azure Cloud Data Warehouse
Enlighten has over two decades of experience delivering amazing customer experiences, including Azure cloud data warehouses. We’re proud Microsoft partners. To learn more, Contact Us