Armed For Security Breaches


Vendors have seized the opportunity of the cybercrime upswing to push their database security wares, hard. Many of these products have specific means of dealing with database security: data leak prevention, SQL injection attack protection, activity monitoring and auditing as well as two-factor authentication are just a handful of strategies often incorporated into database security recommendations and products.

With all of the products out there and all of the different approaches each one takes to securing the database, how can you know which product is a "best fit" for your clients or your organization? The answer is there really is no best fit. As with securing any other component of a data center, database security also requires a multilayered approach -- a defense "stew" if you will, composed of many ingredients.

This multilayered approach is one reason why we like DataGuise's database security solution. The Fremont, Calif.-based company has a two-tiered solution, which was unveiled June 30. The products are dgDiscover and dgMasker.

Dataguise's dgDiscover is a software-based solution. It scans enterprise databases and highlights which ones contain sensitive data: credit card numbers, Social Security numbers and the like. What's great is that "sensitive data" is not only predefined, but what counts as sensitive can also be configured using customizable data security policies.

The ability to define and categorize data as sensitive makes dgDiscover invaluable to organizations having to meet compliance regulations like HIPAA or PCI. Not only is data protected from external interlopers, but data can be protected against the prying eyes of internal employees or IT staff.

The other big plus of Dataguise's dgDiscover is that it works cross-platform, able to run against Oracle, SQL, MySQL, Access, DB2, Sybase and Teradata. It can also scan files, like Office documents, PDFs and other formats.

Scanned search results of noncompliant data can be viewed using the dgdashboard or in detailed reports.

The second layer of DataGuise's solution is dgMasker. As the name implies, dgMasker masks sensitive data. Masking is a technique used to hide the actual characters in a data field. For example, Social Security numbers can be masked with random or preset characters, so that the actual numbers are not exposed in the event of data theft.

Dataguise's dgMasker uses a client tool. The client gets pointed to the database (requiring authentication permissions to that database) and security administrators can build a masking template. In-the-box masking policies can be applied to any field. There are also several masking options to choose from. For example, last names in a database can be masked with a static set of characters or with random characters, among other options.

Once masking policies are applied, dgMasker will display how the masked data looks, before the actual masking executes.
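The masking workflow described above (a per-field template, static or random replacement characters, and a preview before anything is changed) can be sketched in a few lines of Python. This is an added example, not Dataguise code: the function names, the template layout and the sample rows are all assumptions constructed for illustration.

```python
import copy
import secrets
import string

_rng = secrets.SystemRandom()  # OS-backed randomness, so masks are not predictable

def mask_static(value, fill="X"):
    """Replace every letter and digit with a preset character; keep punctuation."""
    return "".join(fill if ch.isalnum() else ch for ch in value)

def mask_random(value, rng=_rng):
    """Replace digits with random digits and letters with random letters.
    Layout and case are preserved so the masked value still fits the column."""
    out = []
    for ch in value:
        if ch.isdigit():
            out.append(rng.choice(string.digits))
        elif ch.isalpha():
            pool = string.ascii_uppercase if ch.isupper() else string.ascii_lowercase
            out.append(rng.choice(pool))
        else:
            out.append(ch)
    return "".join(out)

POLICIES = {"static": mask_static, "random": mask_random}

def preview(rows, template):
    """Return (field, original, masked) tuples; the input rows are left untouched."""
    return [(field, row[field], POLICIES[policy](row[field]))
            for row in rows
            for field, policy in template.items() if field in row]

def apply_template(rows, template):
    """Return a masked copy of the rows, e.g. for a test or reporting database."""
    masked = copy.deepcopy(rows)
    for row in masked:
        for field, policy in template.items():
            if field in row:
                row[field] = POLICIES[policy](row[field])
    return masked

# Constructed sample data (hypothetical table; not real records).
ROWS = [
    {"id": "1", "last_name": "O'Neil", "ssn": "000-12-3456", "salary": "85000"},
    {"id": "2", "last_name": "Garcia", "ssn": "000-98-7654", "salary": "120500"},
]
# Hypothetical masking template: field name -> policy name.
TEMPLATE = {"ssn": "static", "last_name": "random", "salary": "static"}

if __name__ == "__main__":
    for field, before, after in preview(ROWS, TEMPLATE):
        print(f"{field:10} {before:12} -> {after}")
```

Random masking replaces each character independently, so a masked character can occasionally equal the original; where that matters, static masking or a redraw on collision is the safer policy.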

A great way to apply masking for internal purposes is to mask salary data so that no one without proper permissions can see what another employee's salary is.

These are two great tools in the war against security breaches. Both products automate the process of securing data and reducing risk without the need for scripting or in-house development.