AWS security exec: You don't want to win this database popularity contest
Data guarding requires better 'education, better technology, and better automation'
Interview If there was ever an area where default passwords reign and basic security hygiene is terrible, it's databases.
"Databases are hard to manage, and people have taken the easy path: given lots of people admin privileges and hardcoded database credentials into their software," says Mark Ryland, a director in Amazon Web Services' Office of the CISO.
Complexity is the enemy of security, and, let's face it, databases aren't simple. It's an area that requires better "education, better technology, and better automation," he told The Register in a conversation about database security.
Database administrators aren't the only ones looking for the easy button, however. Crooks looking to break into databases are, too. When it comes to choosing a target, they want the highest return on investment, so they'll go after the vault with the most users that is most likely to be poorly protected.
"Attackers are pragmatists," Ryland said. "The popularity of the database has more to do with it than the database itself. It's almost a popularity contest, in this case not a good one, for those who are looking to do malicious activity."
There's no inherently insecure option, he added. Popular open source and commercial databases are protected — "if they are properly installed and configured and managed." That's a big if, and one that organizations probably won't want to take a chance with.
The bottom line, for both managed databases and DIY options, is defense in depth, according to Ryland. "You really want to have multiple levels of controls in case one level fails."