Database security: At rest, but not at risk
Data at rest is data at risk, as the old saying goes. These database security tools and strategies can help you fight back.
By Mary Brandel
July 30, 2012 — CSO
Database security is starting to show up on the radar of C-level execs, and no wonder. According to Verizon's "2012 Data Breach Investigations Report," 174 million corporate records were compromised in 2011 (the highest since 2004, according to the company), and in a survey by the Independent Oracle Users Group, 31 percent of respondents anticipated a major data breach this year.
At the same time, most companies are still fairly low on the database security maturity curve, and so are just beginning to shift their attention from protecting the corporate borders to guarding the corporate jewels.
Businesses are faced with a heightened threat landscape, more sophisticated database attacks and an increased regulatory compliance burden, and Forrester Research predicts they will begin to spend more on database security, which now accounts for just 5 percent to 10 percent of their overall information security budgets. Meanwhile, database vendors are working to bolster their security capabilities, while third-party database security tool vendors continue to add to their offerings.
Here's a CISO's guide to database security options.
In this in-depth Database Security report:
- Industry consolidation and growth
- 3rd party tools versus database vendors
- Trends and best practices
- Key security functions
- Vulnerability assessment and scanning
- Database auditing and monitoring
- Real-time protection and DBMS firewalls
- Database encryption
Market Activity: Consolidation and Growth
Forrester forecasts growth of the database security market at approximately 20 percent annually through 2014, with leading database vendors—for example, IBM, Microsoft, Oracle and Sybase—further extending database security, and independent vendors—such as Application Security, Fortinet, Imperva, McAfee and Vormetric—filling in the gaps. The database security market is in a state of consolidation, with IBM acquiring Guardium, Oracle buying Secerno, Fortinet incorporating IPLocks, and McAfee snapping up Sentrigo.
While the larger vendors will continue to dominate the database security market, according to Forrester, standalone vendors will start to use broader information security frameworks, and begin offering security information and event management (SIEM), intrusion-detection-and-prevention and data-loss-prevention systems.