Your Enterprise Database Security Strategy 2010

White Paper Published By: IBM

With increasingly sophisticated attacks and rising internal data theft, database security merits a stronger focus that goes beyond traditional authentication, authorization, and access control (AAA). A single intrusion that compromises private data such as credit card numbers, social security numbers, or other financial data can cause immense damage to an enterprise’s reputation, not to mention initiating lawsuits and regulatory fines that can have long-term impact. Database security is the last line of defense, so it deserves greater focus on the protection of private data from both internal and external attacks than IT pros have traditionally given it. Database security professionals and information security and risk management professionals crafting a security strategy should:

Align database security policies with information security policies;
Ensure well-defined and formalized database security procedures
Enforce role separation
Apply advanced security measures such as database auditing, monitoring, database encryption, data masking, and vulnerability assessment to all critical databases that store private data.

Tags :

ibm, database security, enterprise, private data, privacy, intrusion, information security policies, auditing

Published:	Aug 30, 2010
Type:	White Paper
Length:	12 pages

September 28, 2009
Your Enterprise Database Security
Strategy 2010by Noel Yuhannafor Application Development & Program Management Professionals
Making Leaders Successful Every DayFor Application Development & Program Management Professionals
September 28, 2009
Your Enterprise Database Security Strategy 2010Stronger Measures Have Become Essential To Defend Against Growing Attacksby Noel Yuhannawith Mike Gilpin and Adam Knoll
Executive SummaryWith increasingly sophisticated attacks and rising internal data theft, database security merits a stronger focus that goes beyond traditional authentication, authorization, and access control (AAA). A single intrusion that compromises private data such as credit card numbers, social security numbers, or other financial data can cause immense damage to an enterprise's reputation, not to mention initiating lawsuits and regulatory fines that can have long-term impact. Database security is the last line of defense, so it deserves greater focus on the protection of private data from both internal and external attacks than IT pros have traditionally given it. Database security professionals and information security and risk management professionals crafting a security strategy should: 1) align database security policies with information security policies; 2) ensure well-defined and formalized database security procedures; 3) enforce role separation; and 4) apply advanced security measures such as database auditing, monitoring, database encryption, data masking, and vulnerability assessment to all critical databases that store private data.
table of Contents NOTES & RESOURCES2 Databases Need Tighter Security To Protect Forrester interviewed 17 vendor and user Against Threats companies, including IBM, Microsoft, Oracle, and Basic Database Security Measures Are No Sybase.Longer Sufficient To Protect Private Data2 Enterprises Must Establish A Comprehensive Related Research DocumentsDatabase Security Strategy "The Forrester WaveT: Enterprise Database Management Systems, Q2 2009"Discovery, Classification, Database AAA, And June 30, 2009Patch Management Provide The FoundationPreventive Measures Build On Top Of The "Market Overview: Database Security"Foundation, Offering Added Layers Of February 27, 2009ProtectionDetecting Anomalies And Performing Routine Security Checks Completes Your Strategy 7 Don't Forget Security Policies, Standards, Role Separation, And Availabilityrecommendations8 All Enterprises Need A Database Security Strategy
© 2009, Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester Wave, RoleView, TechRadar, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. To purchase reprints of this document, please email clientsupport@forrester.com. For additional information, go to www.forrester.com.2 Your Enterprise Database Security Strategy 2010 For Application Development & Program Management Professionals
DATABASES NEED Tighter SECURITY TO PROTECT AGAINST THREATSToday, all enterprises use database management system (DBMS) technology to store critical business data. All data is important, but private data matters most. A single intrusion that compromises private data such as credit card numbers or financial data can cause immense damage to an organization, whether big or small. Databases are often the prime target of such attacks, largely because they hold the most-valuable data and are vulnerable unless carefully secured. Recently, in the largest data theft in US history, a Florida man pleaded guilty to stealing more than 170 million credit and debit card account numbers from large retailers such as Sports Authority, OfficeMax, 1and Barnes & Noble. He used various techniques including SQL injection to locate and crack into databases after he identified security holes. More recently, Network Solutions made headlines when it disclosed that hackers planted rogue code that resulted in compromising more than 573,000 debit and credit card accounts. Hackers will find new ways to break into databases; therefore, enterprises need to be more vigilant and take proactive measures to safeguard their data.
Basic Database Security Measures Ar... [download for more]

Browse Technology Topics

Data Center Virtualization, Cloud Computing, Infrastructure, Design and Facilities... more, Power and Cooling, Green Computing less		Data Management Application Integration, Analytical Applications, Business Intelligence... more, Configuration Management, Database Development, Data Integration, Data Mining, Data Protection, Data Quality, Data Replication, Database Security, EDI, SOAP, Service Oriented Architecture, Web Service Management, Data Warehousing less
Electronics Analog Communications, Digital Signal Processing, Electronic Design Automation... more, System On A Chip, Electronic Test and Measurement, Embedded Design, Boards & Modules, Embedded Systems and Networking, Electromechanical & Mechanical, Optoelectonics & Displays, Packaging and Interconnects, Passive & Discrete Components, Power Sources & Conditioning Devices, Integrated Circuits and Semiconductors, Sensors & Actuators less		Enterprise Applications Application Integration, Application Performance Management... more, Best Practices, Business Activity Monitoring, Business Analytics, Business Integration, Business Intelligence, Business Management, Business Metrics, Business Process Automation, Business Process Management, Call Center Management, Call Center Software, Change Management, Corporate Governance, Customer Interaction Service, Customer Relationship Management, Customer Satisfaction, Customer Service, EBusiness, Enterprise Resource Planning, Enterprise Software, EProcurement, Extranets, Groupware Workflow, HIPAA Compliance, IP Faxing, IT Spending, Marketing Automation, Performance Testing, Product Lifecycle Management, Project Management, Return On Investment, Risk Management, Sales & Marketing Software, Sales Automation, Server Virtualization, Simulation Software, Supply Chain Management, System Management Software, Total Cost of Ownership, Video Conferencing, Voice Recognition, Voice Over IP, Workforce Management, Incentive Compensation, Spend Management, Manufacturing Execution Systems, International Computing less
Human Resource Technology Human Resources Services, Payroll Software, Time and Attendance Software... more, Workforce Management Software, Financial Management, Employee Monitoring Software, Employee Training Software, Recruiting Software/Services, Employee Performance Management, ELearning, Benefits Management, Expense Management less		IT Career Advancement Cisco Certification, Microsoft Certification, Linux Certification... more, Network Security Certification, Software Development Certification less
IT Management Employee Performance, ITIL, Productivity, Project Management... more, Software Compliance, Sarbanes Oxley Compliance, Service Management, Desktop Management less		Knowledge Management Collaboration, Collaborative Commerce, Contact Management... more, Content Delivery, Content Integration, Content Management System, Corporate Portals, Customer Experience Management, Document Management, Information Management, Intranets, Messaging, Records Management, Search And Retrieval, Search Engines, Secure Content Management, SLA less
Networking Active Directory, Bandwidth Management, Convergence, Distributed Computing... more, Ethernet Networking, Fibre Channel, Gigabit Networking, Governance, Grid Computing, Infrastructure, Internetworking Hardware, Interoperability, IP Networks, IP Telephony, Local Area Networking, Load Balancing, Migration, Monitoring, Network Architecture, Network Management, Network Performance, Network Performance Management, Network Provisioning, Network Security, OLAP, Optical Networking, Quality Of Service, Remote Access, Remote Network Management, Server Hardware, Servers, Small Business Networks, TCP/IP Protocol, Test And Measurement, Traffic Management, Tunneling, Utility Computing, VPN, Wide Area Networks, Green Computing, Cloud Computing, Power and Cooling, Data Center Design and Management, Colocation and Web Hosting less		Platforms AS/400, Domino, Linux, Microsoft Exchange, Oracle, PeopleSoft... more, SAP, Siebel, Solaris, Tivoli, Unix, Web Sphere, Windows, Windows Server less
Security Access Control, Anti Spam, Anti Spyware, Anti Virus, Application Security... more, Auditing, Authentication, Biometrics, Business Continuity, Compliance, DDoS, Disaster Recovery, Email Security, Encryption, Firewalls, Hacker Detection, High Availability, Identity Management, Internet Security, Intrusion Detection, Intrusion Prevention, IPSec, Network Security Appliance, Password Management, Patch Management, Phishing, PKI, Policy Based Management, Security Management, Security Policies, Single Sign On, SSL, Secure Instant Messaging, Web Service Security, PCI Compliance, Vulnerability Management less		Software Development .NET, C++, Database Development, Java, Middleware, Open Source... more, Software Outsourcing, Quality Assurance, Scripting, SOAP, Software Testing, Visual Basic, Web Development, Web Services, Web Service Security, XML less
Storage Backup And Recovery, Blade Servers, Clustering, IP Storage... more, ISCSI, Network Attached Storage, RAID, Storage Area Networks, Storage Management, Storage Virtualization, Email Archiving, Data Deduplication less		Wireless 802.11, Bluetooth, CDMA, GPS, Mobile Computing, Mobile Data Systems... more, Mobile Workers, PDA, RFID, Smart Phones, WiFi, Wireless Application Software, Wireless Communications, Wireless Hardware, Wireless Infrastructure, Wireless Messaging, Wireless Phones, Wireless Security, Wireless Service Providers, WLAN less