TotalCloud Insights: A Wake-Up Call on Cloud Database Security Failure Rates

In part 1 of this two-part blog, we explored how to safeguard cloud databases from SQL Server threats and lateral movement risks. In this second part, we turn our focus to a comparative analysis of database security across three major cloud service providers (CSPs), AWS, Azure, and GCP, as well as the varying failure rates of database security controls. For this analysis, “failure rates” are the rates at which users are not following database security best practices, as enumerated in part 1.

Failure Rates Across CSPs

The Qualys research team’s study on database-related control failures across AWS, Azure, and GCP offers an enlightening perspective, suggesting that the varying failure rates are more indicative of the different levels of user expertise and security management practices rather than the inherent capabilities of these cloud services.

AWS exhibits a comparatively lower average failure rate of 56.79%, which might reflect its users’ better grasp of security protocols. On the other hand, Azure & GCP display a higher failure rate of 62.08% & 95.79%, respectively, indicating that users of Azure and GCP might benefit from additional guidance and training in configuring and managing their database security controls effectively.

This research sheds light on the variations in database security across AWS, Azure, and GCP, highlighting the importance of user responsibility in maintaining robust database security across different cloud platforms.

Failure Rates Across the Database Security Layers Within Azure

Next, we turn our attention to the failure rates of security controls across the layers of database security within Azure:

• Network security in databases has a failure rate of 75.13%, indicating potential weaknesses in network configurations.
• Access management reports a 59.69% failure rate, calling for improved user access controls.
• Azure’s database threat detection layer scores 67.05%, suggesting room for enhanced threat response capabilities.
• Database information security, with a 47.81% failure rate, the lowest of the four, underscores the need to strengthen data protection measures, given that it’s still almost 50%.

These findings offer actionable insights for organizations to bolster Azure database security and protect their valuable assets effectively.

This research from the Qualys research team offers valuable insight into database security across AWS, Azure, and GCP. It highlights how different failure rates reflect the user’s expertise and security management practices rather than the inherent capabilities of the CSPs. The study emphasizes the importance of network security, access management, threat detection, and information security in maintaining robust cloud database protection—and how far we still have to go in each of these areas to be truly secure across cloud databases.

Qualys TotalCloud for Database Security

To assist organizations in their database security, Qualys TotalCloud provides comprehensive security controls for cloud databases in Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure. (For more information on Azure database offerings, refer to part one.) It specializes in identifying critical misconfigurations, offering a proactive stance against cyber threats, and ensuring data protection. With swift assessment capabilities, TotalCloud delivers clear insights into the security posture of AWS, GCP, and Azure databases, promptly helping the user detect potential unauthorized access risks. It also supports controls for data encryption with customer-managed keys (CMKs) and access permissions, allowing only authorized user interactions with a client organization’s databases. This suite of controls helps strengthen database security and maintain data integrity in AWS, GCP, and Azure environments.

To learn more about TotalCloud, visit the product page, watch the video, and sign up for a trial.