APJ - ISV - Database

O'Reilly eBook: An Introduction to Cloud Databases

Issue link: https://resources.awscloud.com/i/1496544


their study: access control and IAM, network isolation, and data encryption.

Access Control and Identity and Access Management

Cloud providers generally excel in strong access control mechanisms. The vendors mentioned in this report rely on centralized IAM to manage users, security credentials (passwords, access keys, and permissions), and authorization policies that control which resources and services users can access. Administrators need to master IAM just to get access to the cloud for themselves and their users.

In addition, cloud native databases are sometimes integrated with the general cloud IAM tools. Linking your database protections to the cloud's IAM provides the easiest and most secure access policies. You will use IAM to define user accounts and then add database-specific access rules on top. Using IAM, you can grant different users permissions to perform different database operations. You also can institute fine-grained access controls—which most databases offer, such as restrictions on particular rows or columns—through IAM.

Traditional databases use the same tools in the cloud that you use on-premises, such as GRANT statements in SQL. But you might be able to hook them into IAM so that you can use the same user accounts in both the cloud and the database, and benefit from the extra security and convenience provided by that integration.

Network Isolation

Some common cloud features to protect your systems on the network are VPCs, firewalls, and network access control lists (ACLs). As we discuss in "High-Level Effects of Moving to the Cloud" on page 2, a VPC is a private network within the cloud for communication between your servers. Within a VPC, you can isolate database instances by specifying the IP range that is allowed access to each database. The organization that creates a VPC has full control over its virtual networking environment and can select its own IP address ranges, create subnets, and configure its own route tables and network gateways.

Security for Data and Applications in the Cloud | 21
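The layering described in the Access Control section above, with IAM supplying the identity and database-specific rules restricting particular columns and rows, as an added example that is not from the eBook. PostgreSQL syntax and the table, column and role names are assumptions; how a cloud provider maps an IAM-authenticated principal onto the database role is provider-specific and not shown.

```sql
-- Added example, not from the O'Reilly eBook. PostgreSQL dialect assumed;
-- table, column and role names are constructed for illustration.

-- Constructed sample table holding one sensitive column.
CREATE TABLE customer_orders (
    order_id     integer PRIMARY KEY,
    tenant_id    text    NOT NULL,
    customer     text    NOT NULL,
    card_number  text    NOT NULL,   -- sensitive: must not be readable by reporting
    amount_cents integer NOT NULL
);

-- Database role for the reporting identity (assumed name). NOLOGIN: no password is
-- managed here; the cloud IAM layer authenticates the principal and maps it to this role.
CREATE ROLE report_reader NOLOGIN;

-- Column-level restriction: the role may read every column except card_number.
GRANT SELECT (order_id, tenant_id, customer, amount_cents)
    ON customer_orders TO report_reader;

-- Row-level restriction: a session sees only the rows of the tenant it declares.
-- The tenant is read from a session setting the application sets after connecting;
-- if the setting is absent, current_setting(..., true) yields NULL and no rows match.
ALTER TABLE customer_orders ENABLE ROW LEVEL SECURITY;
CREATE POLICY tenant_rows ON customer_orders
    FOR SELECT TO report_reader
    USING (tenant_id = current_setting('app.tenant_id', true));

-- Check as the restricted role (SET ROLE needs membership in report_reader or superuser).
SET ROLE report_reader;
SET app.tenant_id = 'tenant-a';

-- Allowed: permitted columns only, and only tenant-a rows are returned.
SELECT order_id, customer, amount_cents FROM customer_orders;

-- Denied: touching card_number fails with "permission denied for table customer_orders".
SELECT card_number FROM customer_orders;

RESET ROLE;
```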
