Your Enterprise Database Security Strategy for 2010
By Roxana Bradescu on Sep 29, 2009
Noel Yuhanna from Forrester has just published a fantastic report on database security entitled "Your Enterprise Database Security Strategy for 2010" that I would encourage everyone to read.
There's been a lot written on individual point solutions like database encryption or database activity monitoring. But I think this kind of analysis causes more harm than good and a lot of it is based on misconceptions. Not to name names, but I know there was at least one analyst out there who for quite a while was telling clients that database activity monitoring can be used as a compensating control for database encryption. Good luck passing PCI compliance with that! The unfortunate thing is that customers do often end up buying point solutions that they later figure out don't provide all the data protection they need, don't meet their compliance requirements, cause database stability and performance problems because they are not well integrated, and will cost a small fortune to deploy and scale.
What makes this Forrester report so useful is that it's basically a blueprint for database security. It identifies all the areas of database security that organizations need to consider up front. You don't need to deploy everything at once, but it's important to understand the big picture so you can prioritize and formulate an actionable database security plan. More to come on this topic. Approaching database security strategically not only saves time and money, but ensures that you are truly protecting your data, since defense-in-depth is really the key to database security.