Database monitoring, encryption vital in tight economy, Forrester says

By Erin Kelly, Contributor 18 Jun 2009 | SearchSecurity.com

Security UK News Digg This!     StumbleUpon     Del.icio.us

When the economy is in a downturn and the fear of layoffs loom, enforcing database security using database monitoring and database encryption tools is fundamental to defending against data leakage and can be implemented even on a tight budget, said Jonathon Penn, principal analyst at Forrester Research Inc.

"[The database] is a target for external attack, it's also a target for abuse and misuse by internal people," Penn said. "So protecting that is important, whether it be monitoring for large downloads by authorized people or monitoring the extent to which they're interacting with the database, whether [their activity] be suspicious or indicate they're taking information with them because they're leaving the company or worried about layoffs."

In the recent report, "TechRadar For SRM Professionals: Database and Server Data Security, Q2 2009," Forrester investigated the current state of eight significant technologies: centralized key management, data classifiers for security, data discovery scanners, database encryption, database monitoring and protecting, outbound Web application filtering and tape and backup encryption.

"We found protecting data is an incredibly complex task, and there is no single technology or process you can put in place in order to safeguard your information," Penn said. "On top of that, threats have become more sophisticated, more targeted, and the criminals behind these attacks have excellent resources at their disposal."

Penn recommended desktop, laptop and full disk encryption as some of the easiest and most cost-effective ways to manage security. However, he stressed that a cost-effective approach is not always about what you go out and buy, but can be as simple as implementing security measures on an ongoing basis.

The report, authored by Forrester senior analyst Andrew Jaquith, claims brute-force technologies like encryption will remain popular and monitoring technologies will also see an uptake in adoption, yet data classification and data discovery technologies that span multiple technology domains still have complexities that need to be worked through.

Data encryption and monitoring technologies are favorable for users because they focus on targeted assets and are very specific products, Penn said. Data discovery and data classification tools require different stakeholders in an organization to come to a consensus and must be coordinated across these different groups in order to be effective, making them more complicated and expensive projects, he said.

Forrester urges security professionals to move forward on data discovery and classification projects. Security pros should work with knowledge management professionals, storage managers, business units, and information officers within their organization to define and locate customer data as well as agree on and implement an appropriate policy, Penn said.

"The need to come up with a coordinated approach is paramount to really solving this problem and we're not there yet by any means," Penn said. "It's not just the technology – it's the maturity of the organization to get to that degree of coordination."

Data discovery and data classification are also the most expensive technologies studied in the report because that state of the market requires organizations and users to adopt multiple tools to carry out the projects, Penn said.

"Data discovery and data classification tools right now are not at the level of maturity where you can buy a single tool or product to coordinate everything," Penn said. "That's why those tools will be lagging by which the speed they are adopted."

Dedicated tape and backup encryption technologies are expected to decline in the next five years, according to the report. The tools are fairly mature and are being built into storage devices instead of being purchased separately, Penn said.

In the future, Penn recommends security and risk professionals build awareness and momentum around understanding data and enforcing policy.

"I think that's the biggest challenge – getting people involved and coordinating an understanding of data," Penn said. "Security professionals have not been able to do this so far, but they need to move slowly and work with the legal department and build up support for coordinating projects together so an organization has a single view of the policy."

Tags: Database Security Tools and Techniques,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Database Security Tools and Techniques Multifunction security device safeguards SOA, streamlines company's infrastructure Safend expands data leakage prevention product to plug more gaps How to prevent memory dump attacks Database activity monitoring lacks security lift Report: Firms avoid encrypting backup tapes, databases Cryptography for the rest of us Recent breaches show data theft prevention basics lacking Unpatched vulnerability discovered in Microsoft SQL Server How to use Excel for security log data analysis SQL injection continues to trouble firms, lead to breaches

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Serious Organized Crime Agency  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary