UPDATED 16:45 EDT / AUGUST 01 2022

CLOUD

‘Shadow data’ is creeping into multicloud

The term “shadow data” is superseding the graying “shadow IT,” according to data security company Laminar Ltd., which has been developing applications to handle emerging threats.

The company is talking about leaky development database environments caused by new-found freedoms generated for programmers, DevOps and so on, caused by a shift to cloud and multicloud. There are increasingly shadow data assets and elements security teams had no idea existed, according to Andy Smith (pictured), chief marketing officer of Laminar.

He explained his premise: “Everybody knows the main [AWS Relational Database Service] that is in production, and this is where our data is taken from. But what people don’t realize is there’s a copy of that.”

Smith spoke with theCUBE industry analyst Dave Vellante at AWS re:Inforce, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed new threats caused by cloud and multicloud. (* Disclosure below.)

A secure database isn’t the problem

Smith poses scenarios: “There was an original SQL database left over from a lift-and-shift project that got moved to RDS, but nobody deleted that thing,” he used as an example. “Somebody went to run a test and they were supposed to be there for two weeks, but then that developer forgot, left it there,” is another example. “Oh, now it’s been there for two years” is the chilling result.

It’s what the attackers are now after because they know the main database is secure. Securing these growing holes across clouds through automation is all about analyzing what data is in the respective client’s cloud account — whether it be credit cards, personal data, or whatever, Smith explained.

By classifying what’s there, one can apply retention periods, access and so on. Importantly, the dev, thus, doesn’t actually have to be restricted in his or her activities — they can still perform dev work in a fluid multicloud environment.

There’s a “gap with data security teams, and that’s what we’re here to address,” Smith stated.

Verifying that security policy is actually being adopted, from inside the customer’s AWS account, so no data leaves that account, is Laminar’s offering.

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the AWS re:Inforce event:

(* Disclosure: Laminar Ltd. sponsored this segment of theCUBE. Neither Laminar nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One-click below supports our mission to provide free, deep and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU

Cookies

We employ the use of cookies. Find out more.