An ephemeral cloud environment is best described as one that is created when a specific need arises, is meant to last for a limited amount of time, and is destroyed when that need is met. That amount of time can vary from as short as a few hours (e.g. the time it takes to run a CI/CD pipeline) to as long as a few weeks (e.g. while a customer issue is being reproduced). These environments typically include compute resources as well as data stores, which hold all sorts of data (including sensitive data).
No matter the use case, a data store is created, used for a short time, and then discarded. In this blog, we will focus on these ephemeral data stores.
The advantages of using ephemeral data stores are numerous:
From a security lens, ephemeral data stores are, more often than not, mistakenly treated as temporary, which means they don’t have the full-blown security policies and tools that would be commonplace in “permanent” environments. These can be broken down into 3 main points:
This scenario not only significantly increases the risk of a data breach but also makes it increasingly difficult to investigate an issue. Basically, the time it takes to discover and investigate the problem ends up being longer than the lifetime of the data store itself.
So, what can you do to prevent this?
Define the security processes and procedures for ephemeral environments and the data stores inside them, establish ownership, limit and control access, and monitor usage and security compliance. This should happen from the moment the data store is spun up until after it’s been destroyed.
Here are 5 steps you should take:
Yes, we can help you
Eureka’s unique cloud data security solution provides a seamless process to automatically implement and monitor all the steps above. We can help you identify new data stores in your environment within minutes, classify and understand what data resides within them, keep tabs on access permissions and usage, and finally alert you if there are any misconfigurations, security risks, or violations of your company’s security policy. These insights are also accessible to you even after the data store has been deleted, making it easier to review and investigate issues.