SECURITY IN THE CLOUD
Many organizations are looking to Cloud-based IT infrastructure as a means of solving scalability, performance, availability, and cost problems. There are three basic deployment models for Cloud infrastructures:
- Private cloud: The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on or off premise.
- Public cloud: The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
- Hybrid cloud: The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
Regardless of deployment model, as companies begin to move their databases into the Cloud, database security programs need to follow.
Cloud infrastructures that provide database hosting offer very basic security in the form of network-layer firewalls configured with port-based access control lists. Database platforms are often provided as a service where the security details are abstracted away from the user. Users are offered nothing more than a contract or Service Level Agreement which makes empty claims about security. This basic layer of security, coupled with the increased exposure database applications receive from being deployed in shared and possibly public infrastructures, requires organizations to review their database security strategies and implement a comprehensive program of database security process control.
An important question in Public and Hybrid Cloud infrastructures is: "Who owns responsibility for securing the database and sensitive data?" Ultimately, the data owners need to take responsibility for securing their sensitive data. Data owners should formulate their database security strategies and then partner with their Cloud providers to ensure effective implementation. Cloud providers offering database hosting need to consider database security as a critical service to their customers.
Whether in Traditional, Private Cloud or Public Cloud infrastructures, Application Security believes it is important for organizations to protect their sensitive data where it lives - in the database. DbProtect Precision Database Activity Monitoring (DAM) helps organizations protect their Cloud-based data assets by providing control over the security processes that impact their sensitive data.
FIVE STEPS TO COST-EFFECTIVE DATABASE SECURITY IN THE CLOUD - TWO MINUTE TUTORIALS
- Isolate Sensitive Databases: Maintain an accurate inventory of all databases deployed across the enterprise and identify all sensitive data residing on those databases.
- Eliminate Vulnerabilities: Identify and fix vulnerabilities that are exposing the database on a continuous basis.
- Enforce Least Privileges: Reset user access controls and privileges to only the minimum database access required to do their jobs.
- Monitor for Deviations: Implement appropriate policies and monitor for any and all activity that deviates from normal and authorized activity.
- Respond to Suspicious Activity: Alert and respond to any unauthorized or suspicious activity in real-time to minimize risk of attack.