What are the security risks involved when uploading data to the Spotlight Cloud?

In the Information Technology world, we often ask ourselves, "What are the security risks involved in uploading data to the Cloud?" With the Spotlight Cloud services, you can now monitor all your SQL Server connections on your mobile device or from a browser at https://www.spotlightessentials.com. Monitoring features include a Heatmap, an Alarms List, Alarm Details and the ability to Snooze or Acknowledge alarms. Spotlight for mobile devices is a feature available at no additional cost to users of Spotlight Enterprise and Spotlight on Oracle.

However, that still doesn't answer the question, "What are the security risks involved when uploading data to the Spotlight Cloud?"

Only performance-related monitoring data will be uploaded to our data center. Only the owner and authenticated organization members can view the uploaded data. For your security, if possible, please keep servers disconnected from any public network. The Diagnostic Server connects to an internal server for monitoring purposes. Only the Diagnostic Server can connect to the Spotlight Cloud. Only some monitoring data will be uploaded to the Spotlight Cloud. For example, the drilldown data we looked at yesterday does not upload to the cloud.

What data are we sending?

Any user of various Quest Software products can opt in to send system configuration and performance metrics from their SQL Server or Oracle environment to SpotlightEssentials.com. Data is collected and then sent periodically. Once it's uploaded, we store it for analysis and consumption by the end user. From the data and subsequent analysis, SpotlightEssentials.com is able to generate a picture of your system's health and performance.

How are we sending the data?

The data is sent from Spotlight Enterprise, Spotlight on Oracle, Toad for SQL Server, Toad for Oracle and Spotlight Extensions to SpotlightEssentials.com over the internet. We enforce SSL (HTTPS) on the API endpoints on the website so that all data sent to us is encrypted in transit.

How is the data stored in SpotlightEssentials.com?

When we store your data at SpotlightEssentials.com, your data is uploaded as an XML (Atom feed) or JSON object and is stored in Microsoft's Azure Cloud Platform. The datacenter we currently use is in the north central United States of America. This data may be geo-replicated to other datacenters within the United States. The raw data that is uploaded is kept in the blob store and is encrypted at rest. Processed data that is non-numeric (for example, SQL text and plans extracted from the uploaded data) is also encrypted at rest. This is done so that if our storage account(s) in the datacenter get compromised, none of the data is readable.

How are users authenticated on the Spotlight website?

Following registration with Spotlight, each user is assigned a unique user name and password. Users are required to enter these credentials over an SSL (HTTPS) connection to log in to the site.

How are users authenticated when using the Spotlight Mobile App?

Following registration on the Spotlight website, each user is assigned a unique user name and password or, if using a Windows device, a unique user token and password. Users are required to enter these credentials over an SSL connection to sign in to the Spotlight Mobile App.

Where can I find security and compliance information on the Windows Azure Platform?

The best place to go is the Windows Azure site itself at https://azure.microsoft.com/en-us/overview/trusted-cloud/.

For more information about the Spotlight Cloud, please visit: https://www.spotlightessentials.com/documentation/security

About the Author
Aaron Mares
I currently support Spotlight on SQL Server Enterprise as an Enterprise Tech Support Advisor. I have a quality approach to supporting Spotlight Point that is designed to deflect SR creations by our customers...