Notes on Securing Cloud Databases

A couple weeks ago, I went to a talk on Securing Databases in the Cloud. The speaker was Mike Frank from Gazzang, a company that sells software to help with the exact problem he was speaking about: the risks with open source software tools and cloud hosting. The talk felt like a slightly awkward mix between promotion and education, but there was enough education that I got some good stuff out of it.

I know the importance of security and am quite fanatic about having proper security practices and aiming towards zero trust policies anywhere possible. I still managed to pick up a few new things, including considering anew the security implications of cloud-based hosting.

The most striking question that Mike brought up and which caused me pause was about virtual images. Hosting on AWS is extremely popular, and users have the perception of having a dedicated server. Most of my attention when thinking about security before went to security within the server (data architecture and encryption of data in the database) rather than security of the overall server image. Mike brought up the scenario of your AWS image, a virtual machine sitting somewhere in memory and disk, and an engineer somewhere having access to that virtual image and being able to do anything with it. How do you protect yourself in that scenario? Coming from that perspective, it made it obvious that security end-to-end and zero trust even of the (virtualized) hardware layer is important.

During the talk, Mike spoke about encrypting data within MySQL, PostgreSQL, Drizzle, and NoSQL databases Cassandra and MongoDB. Mike is Director of Products at Gazzang and prior to that, he was one of the senior product managers for MySQL both under Sun Microsystems and Oracle. He clearly knew his stuff.

Below are my notes from the talk.

1. Huge security risks out there. A new AWS instance spun up will get attacked (attempted) within minutes.

2. Non-obvious stuff that's important to protect:

• DB config files, log files, data directory
  
• Application source code
  

3. Ways to protect:

• Linux firewall
  
• AES 256, SHA 256, RSA
  
• OpenSSL
  
• mcrypt
  
• ecryptfs
  
• dm-crypt
  
• Cloud provider's firewall and security
  
• Encrypted cloud storage
  
• Encrypted file system
  
• Access control restrictions
  

4. Key management options:

• In database (less ideal)
  
• OS kernel key ring
  
• Outside database
  

5. Always use SSL for transport security

6. Database encryption functions for data at rest. Keys on outside key store.

7. Gazzang's product is ezNcrypt. How they solve it:

• On disk seamless encryption
  
• Keys stored outside DB
  
• Provide secure environment to run MySQL, Apache, PHP
  
• Handle ACLs
  
• Towards zero trust
  

8. Good article out there on issues with PCI compliance in the cloud

9. Gazzang built on top of ecryptfs

• They added keys and access controls
  
• All files are AES-encrypted so files stolen (like if AWS hacked) are worthless
• Performance hit of encryption: 1% hit on transactions per second and latency.
• Single passphrase and salt or RSA key for system
• Each file encrypted with separate key which master key can access. This allows changing the master key without re-encrypting all data (that's smart).
• Can also use their product to do PHP and perl encryption.