The Battle Begins…. Which Cloud Provider will Reign Supreme?

July 20th, 2014

Place your bets now – it’s gonna be a good fight. The cloud is the arena where the next big tech giant battles will be taking place. We’ll have to sit down and watch as they go head-to-head to win the customers who have started the mass migration to the cloud.

If you are thinking of migrating your databases to the cloud, your vote will count towards determining the winner. As you evaluate your options, we suggest you consider these guys first and foremost.


Amazon Web Services

  • Amazon DynamoDB provides a scalable, low-latency NoSQL online Database Service backed by SSDs.
  • Amazon ElastiCache provides in-memory caching for web applications. This is Amazon’s implementation of Memcached and Redis.
  • Amazon Relational Database Service (RDS) provides a scalable database server with MySQL, Informix, Oracle, SQL Server, and PostgreSQL support.
  • Amazon Redshift provides petabyte-scale data warehousing with column-based storage and multi-node compute.
  • Amazon SimpleDB allows developers to run queries on structured data. It operates in concert with EC2 and S3 to provide “the core functionality of a database”.
  • AWS Data Pipeline provides reliable service for data transfer between different AWS compute and storage services (e.g., Amazon S3, Amazon RDS, Amazon DynamoDB, Amazon EMR). In other words, this service is a data-driven workload management system that provides a simple management API for managing and monitoring data-driven workloads in cloud applications.
  • Amazon Kinesis streams data in real time with the ability to process thousands of data streams on a per-second basis. The service, designed for real-time apps, allows developers to pull any amount of data, from any number of sources, scaling up or down as needed.



vFabric Data Director is a unified virtualization platform for managing the lifecycle of heterogeneous data engines. vFabric Data Director currently supports Oracle 10gR2, 11gR2, SQL Server 2008 R2, SQL Server 2012, VMware vFabric Postgres 9.1.6, and Hadoop 1.0 distributions including Apache Hadoop 1.0.x, Cloudera CDH3, Greenplum HD 1.1 and 1.2, and Hortonworks HDP-1.


Google Cloud Platform

Google Cloud SQL is a MySQL database that lives in Google’s cloud. It has all the capabilities and functionality of MySQL, with a few additional features and a few unsupported features as listed below. Google Cloud SQL is easy to use, doesn’t require any software installation or maintenance, and is ideal for small to medium-sized applications.


IBM Softlayer

SQL or NoSQL database software can be installed during server deployment or at any time during the life of your server, ready for your configuration.  Supports Microsoft SQL Server (2000, 2005, 2008, 2012), MySQL, Cloudera Hadoop, MongoDB, Basho Riak.


Windows Azure

SQL Database, formerly known as SQL Azure Database, works to create, scale and extend applications into the cloud using Microsoft SQL Server technology. Integrates with Active Directory and Microsoft System Center and Hadoop.



Quick Security Rundown from AWS

July 16th, 2014

Attending the AWS Summit in New York last Thursday was highly educational for most of the participants, with a variety of fabulous sessions and excellent vendors on the floor. We attended the security sessions and would like to share the takeaways over the course of the next blog posts.

In the area of security, the main takeaways we heard were:

Public cloud today is viewed as much more secure than in the past.
Examples of high-level government agencies, healthcare organizations and enterprises moving to the cloud confirmed a high level of confidence in cloud solutions. The main reasons for this are:

  • First – The cloud provider infrastructure is becoming increasingly more secure by offering more security capabilities, options and services for their clients.
  • Second – Cloud providers, such as Amazon Web Services (AWS), recognize specific needs of certain industries with even stricter regulatory and compliance requirements. For example, AWS has built the AWS GovCloud network which allows US government agencies to improve their citizen accessibility.
  • Third – Many security software vendors are developing their solutions to integrate seamlessly with the cloud provider so clients can continue using the same solutions they were using on-premise now in the cloud; for example tools for network security, database security, application security, operating system security and access control.


Understanding shared responsibility to ensure the highest levels of security in the cloud.
Organizations are still responsible for approximately half of the tasks related to security. When using the public cloud, IT managers and CISOs need to be clear about their responsibilities and manage security. In short, the organization is still responsible for protecting the data as it moves to the cloud.

Know the difference between real-time intervention versus scanning and monitoring technologies.
Most security technologies today assess your security posture and offer remediation on a periodic basis through monitoring or scanning. Almost none of the security solutions we saw offer real-time intervention to stop a threat when it happens, as GreenSQL does. It’s important to understand what is happening in real time. In fact, @marknca observed that a DDoS attack looks behaviorally similar to a very successful marketing campaign. Many players have not yet figured out how to identify real-time attacks, so you need to be aware of the difference.

To summarize, security and compliance are a top concern for companies and agencies who are moving to the cloud. In fact, in the AWS Marketplace today, a full 1/5th of the software infrastructure products are security related!



Hackers take a bite out of Domino’s Pizza database

July 13th, 2014


I’m sure you’re already aware of this tasty bit of information security news. It seems that the hacker group Rex Mundi is claiming to have broken into Domino’s databases in Belgium and France. They then proceeded to threaten Domino’s with an ultimatum: pay up 30k euro or we release your customer data to the world.

So maybe it was only two countries’ databases that got hacked – it’s really Domino’s Pizza’s entire global brand that’s damaged. Domino’s isn’t the first and probably won’t be the last. Another restaurant chain, PF Chang’s was hacked a month ago.

So, we were wondering – how do corporations enforce data security policies in a global world when rules and regulations change from country to country? 

Restaurant chains certainly allow for some measure of localization… (ex: McDonald’s McSpicy Paneer from India and Burger King’s Ninja Burger from Japan) — but how much localization are they allowing their data security?

It makes sense to us, that much in the same way a new franchise, partner or business branch receives a “How to Use Our Brand / Corporate Philosophy Handbook“, they should also get specific guidelines around “How to Secure Your Front Web Portal and Your Backend to Secure Your (aka OUR) Customers’ PII and Your (OUR) Backends“.

This guidebook would outline what’s known as the 5 Points of Database Security:

1. Monitor and Block SQL Injection Attacks

2. Database Access Control for internal and external users

  • Which source applications access my databases?
  • Which source IPs access my databases?
  • Which users access my database?
  • When are users and apps accessing my databases?
  • What types of database SQL commands are different users and apps allowed to execute?
  • Which data can different users/apps be exposed to, and what should they not see?

3. Block unauthorized access to your network

4. Make sure your database server operating system is always updated with the latest security patches and runs only the services your application requires.

5. Monitor your database activity according to security and compliance best practices (ex: SQL Server security best practices)
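
The questions listed under point 2 translate directly into a rule check that runs before a statement is forwarded to the database. The sketch below is an added example, not GreenSQL's code or configuration; the rule fields, account names, networks and the keyword-based statement classification are assumptions made for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass
from datetime import time


@dataclass(frozen=True)
class Rule:
    user: str             # which database user
    app: str              # which source application
    network: str          # which source IPs (CIDR)
    hours: tuple          # when access is allowed: (start, end)
    commands: frozenset   # which SQL command types
    tables: frozenset     # which tables the user/app may touch


# Constructed policy: the accounts, applications and networks are hypothetical.
POLICY = [
    Rule("web_app", "storefront", "10.0.1.0/24", (time.min, time.max),
         frozenset({"SELECT", "INSERT", "UPDATE"}), frozenset({"orders", "menu"})),
    Rule("remote_dba", "ssms", "192.0.2.10/32", (time(8, 0), time(18, 0)),
         frozenset({"SELECT", "ALTER", "CREATE"}),
         frozenset({"orders", "menu", "customers"})),
]


def command_type(sql):
    """First keyword of the statement (a simplification, not a SQL parser)."""
    words = sql.split()
    return words[0].upper() if words else ""


def referenced_tables(sql):
    """Table names following FROM/INTO/UPDATE/JOIN/TABLE (also a simplification)."""
    pattern = r"\b(?:from|into|update|join|table)\s+([A-Za-z_][\w.]*)"
    return {name.lower() for name in re.findall(pattern, sql, re.I)}


def authorize(user, app, source_ip, at, sql):
    """Default deny: allow only if one rule for this user passes every check."""
    verb, tables = command_type(sql), referenced_tables(sql)
    ip = ipaddress.ip_address(source_ip)
    failures = ["no rule for user"]
    for rule in (r for r in POLICY if r.user == user):
        checks = {
            "application": app == rule.app,
            "source ip": ip in ipaddress.ip_network(rule.network),
            "time of day": rule.hours[0] <= at <= rule.hours[1],
            "command type": verb in rule.commands,
            "table": bool(tables) and tables <= rule.tables,
        }
        failures = [name for name, ok in checks.items() if not ok]
        if not failures:
            return True, []
    return False, failures
```

The list of failed checks returned with a denial is what would go into the audit trail called for in point 5.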

Of course, it’s not enough just to supply the guidebook. Each corporation must be responsible for auditing its global partners, franchises or branches to make sure they are in compliance with corporate data security policies. Otherwise, they risk getting burnt.






The secret to staying secure in the cloud: GreenSQL for AWS

July 3rd, 2014

GreenSQL is proud to be the FIRST database security and compliance software solution on the Amazon Web Services (AWS) Marketplace.

GreenSQL is the only Marketplace AMI that offers a suite of integrated products that work together to fully fortify your AWS database network.

The product secures databases on Amazon Relational Database Service (Amazon RDS) and can be installed on your Amazon Elastic Compute Cloud (Amazon EC2). While powerful, GreenSQL remains extremely easy to install, configure and maintain – and can be up and running in a matter of minutes.

Key features offered by the new GreenSQL for AWS include:

  • Sensitive Data Auto-Discovery
  • SQL Injection Attack Detection & Protection
  • Highly Configurable Database Firewall
  • Realtime Dynamic Data Masking
  • Built-in Compliance Reporting (HIPAA, PCI, SOX)
  • Database Activity Monitoring
  • No software is installed on the database server side


Want to Learn More?

Read our GreenSQL for Amazon Web Services Product Fact Sheet

Contact Us to Discuss

Start your 15 Day Free Trial – Install the GreenSQL AMI from the AWS Marketplace

Visit us at Booth 630 at the AWS Summit in New York – July 10th (And get a free tablet cover!)

Register for Live Webinar to see GreenSQL in action – July 15 10:30am EST






Getting excited for the AWS Summit in New York

July 1st, 2014

Hey, all you East Coast fans of GreenSQL – have you registered for your free ticket to the AWS Summit in New York? It’s next week (and last year’s event “sold out”), so I suggest you register now.

Come visit us at booth 630 and get some killer swag … and maybe have some enlightening conversation about database security and compliance solutions (namely GreenSQL) on AWS.

But seriously – this event is a really good opportunity for you to learn from the experts – including this year’s keynote speaker, Dr. Werner Vogels – CTO of




What we talk about when we talk about database separation of duties

June 29th, 2014
This week we got a question that made us realize some folks out there don’t really understand what we mean when we’re talking about “Database separation of duties.” And probably not database firewall either. It’s a good reminder for us that just because something seems obvious to us, it might be totally new (and therefore unclear) to someone else.


So the question this guy asked us was, “Can I make a table or some particular columns in a table accessible only to a particular user?” After we got this question, we realized that it’s quite a common question among DBAs who are getting pushed by their security guys to set up access control for privileged database users. It’s interesting because this is exactly what we’re doing here at GreenSQL. We basically help organizations by letting them protect their sensitive information and help them comply with industry regulations like PCI, HIPAA, etc.


So, for those of you out there who would like to easily implement deep separation of duties – look how easy it is:
If the picture above isn’t descriptive enough for you, check out our wordier answer below:


GreenSQL Database Security and Compliance allows you to control access to sensitive information with policy-driven separation of duties. GreenSQL’s table-based firewall and Separation of Duties allow database users to be defined according to their authority to run administrative commands, view information or delete it. Beyond defining users, it’s possible to define the IP address or application from which queries may be submitted, according to application name, source, etc. User rights management allows organizations to separate user rights by function and stop internal information leaks.


Another way to ensure that only particular columns in a table are visible to a specific user is by using Dynamic Data Masking. It enables masking of any sensitive and Personally Identifiable Information (PII) accessed from application screens, reports, development and DBA tools.


Differentiated levels of access can be granted to application users based on their business roles, whether those users are internal employees, such as human resources personnel, or are part of an external workforce, such as remote DBAs. Masking policies can be defined per column, per source IP, per user or per application. It’s possible to choose the masking policy to suit the context and authority of the user.
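
A masking policy defined per column, per user, per application and per source IP can be pictured as a filter applied to result rows on their way back to the client. The following is an added example, not GreenSQL's implementation; the policy format, account names, networks and mask functions are assumptions, and the row is constructed sample data.

```python
import ipaddress


def mask_all(value):
    return "*" * len(str(value))


def keep_last4(value):
    s = str(value)
    return "*" * max(len(s) - 4, 0) + s[-4:]


def mask_email(value):
    local, _, domain = str(value).partition("@")
    return local[:1] + "***@" + domain


# Constructed policy. Each sensitive column lists (user, app, network, mask)
# entries; the first entry matching the session wins and mask=None means
# "show in clear". Columns absent from the policy pass through untouched.
MASKING_POLICY = {
    "ssn": [("hr_clerk", "hr_portal", "10.0.2.0/24", None),
            ("*", "*", "0.0.0.0/0", keep_last4)],
    "email": [("hr_clerk", "*", "10.0.2.0/24", None),
              ("remote_dba", "*", "0.0.0.0/0", mask_email),
              ("*", "*", "0.0.0.0/0", mask_all)],
    "salary": [("hr_clerk", "hr_portal", "10.0.2.0/24", None),
               ("*", "*", "0.0.0.0/0", mask_all)],
}

# Constructed sample row.
SAMPLE_ROW = {"name": "A. Example", "ssn": "123-45-6789",
              "email": "a.example@example.com", "salary": 52000}


def matches(entry, user, app, source_ip):
    e_user, e_app, network, _ = entry
    return (e_user in ("*", user) and e_app in ("*", app)
            and ipaddress.ip_address(source_ip) in ipaddress.ip_network(network))


def mask_row(row, user, app, source_ip):
    """Return a copy of row with each sensitive column masked for this session."""
    out = {}
    for column, value in row.items():
        entries = MASKING_POLICY.get(column)
        if entries is None or value is None:
            out[column] = value
            continue
        # Fail closed: a sensitive column with no matching entry is fully masked.
        mask = next((e[3] for e in entries if matches(e, user, app, source_ip)),
                    mask_all)
        out[column] = value if mask is None else mask(value)
    return out
```

The same HR account sees clear values through the HR portal on its own network and masked values from an ad hoc tool or an outside address, which is the context-dependent behaviour the paragraph describes.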





HIPAA Compliance: Keeping the private parts private

June 15th, 2014

HIPAA rules and regulations are becoming a concern for an increasing number of organizations. Under recent regulation, any company that has any information pertaining to health insurance now has to comply. For example, if your company offers health benefits, you need to protect any information related to that. In other words, you are required to be HIPAA compliant for all information about which employees are covered under those benefits, and what they pay for their health insurance premiums, even if you are not a healthcare organization.

Fortunately, a database firewall like GreenSQL offers a lot of HIPAA protection for private data. In this white paper, you will see exactly which lines of the HIPAA regulation are covered by GreenSQL, and what audit and reporting trails are covered.

The GreenSQL protection applies to healthcare organizations, providing high levels of protection for patient records and personal information. When it comes to medical information, patients are justifiably concerned about their privacy. Using GreenSQL can ensure that the right healthcare providers are able to access only the relevant data for their jobs, and at the same time protect data from both outside attacks and insider lapses of judgment.

If you recently fell under the new HIPAA regulations for non-healthcare organizations, knowing that you are covered with an existing product like GreenSQL can be a huge relief.

To understand exactly what a database firewall like GreenSQL can offer your organization for HIPAA compliance, read this white paper today.




LIVE WEBINAR with MSSQLTips: Security, Compliance, and SQL Server

January 9th, 2014

Managing a SQL Server is about more than just up time and performance. It has to be secure and it has to support the compliance (legal) needs of the organization.

- This webinar will look at the role of the Security and Compliance teams, what they need to accomplish to be successful, and the common mistakes they make when dealing with technical teams.

- We’ll take a quick look at PCI as example of the kinds of requirements they get and how it translates to the world of the DBA.

- We’ll finish up with a quick review of my Security Checklist for SQL Server – 10 things you should be doing whether it’s required by the organization or not.

- The webinar will end with a GreenSQL product demo showing how easily you can achieve security and compliance on your SQL servers, followed by a Q&A session.

Register now!

About the presenters:

Andy Warren, SQL Server Consultant 

Andy Warren is a SQL Server consultant based in Orlando. Andy was a founding member of, President of the Orlando SQL Server Users Group, and one of the founders of SQLSaturday. He has been an MVP since 2009 and has written and presented extensively on topics relevant to SQL Server professionals. Andy blogs at, is on LinkedIn at, and is occasionally on Twitter as @SQLAndy. 

David Maman,  Co-Founder and CTO GreenSQL 

David Maman is a recognized international expert in computer security advising companies on threat management, real-time network protection, advanced network design, and security architecture. In addition to his bachelor’s and master’s degrees in computer science, David confesses to being heavily self-taught, a quality that has served him well in this highly dynamic industry.


Date and Time:

Wednesday, January 29, 2014, 03:00 pm Eastern Daylight Time (New York, GMT-05:00)

Wednesday, January 29, 2014, 02:00 pm Central Daylight Time (Chicago, GMT-06:00)

Wednesday, January 29, 2014, 12:00 pm Pacific Daylight Time (San Francisco, GMT-08:00)



Dynamic vs. Static Data Masking

January 9th, 2014

New Technical Article

Check out our new article on what data masking is, why you really need it and what’s best for you to use.

Data masking is essential because it allows developers, testers, and administrators to work with data and databases, without exposing them to sensitive data.

When developing or testing any new use of the data, it’s important to provide some type of data or database that “substitutes” for the actual data. This substitute data is sometimes fake, but more often it’s a kind of garbled (masked) duplicate of real data. Using data masking, organizations prevent unauthorized individuals from viewing actual sensitive data. At the same time, data masking provides a substitute for real data for the purposes of testing, development, or changes to the administration or configuration of the database.

In this article we talk about the different types of data masking and discuss how organizations can use data masking to protect sensitive data.

Read more…

