- Protecting yourself from a new online scam
- Diary of a deliberately spammed housewife
- Silly Internet traditions: A concise history
- How to avoid laptop loss at the airport
- Top 10 worst uses for Windows
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
 |
How many identities will be stolen or 
corporate assets commandeered before you build as strong a fortress around your database as you do around the perimeter?
Millions? Dare I say, billions
Consider these statistics from the Privacy Rights Clearinghouse, a nonprofit consumer advocacy group in San Diego. Between Feb. 15, 2005, and May 7, 2006, recorded data breaches across the country compromised the personal information of more than 55 million individuals. That's a whole lot of Social Security, credit card, banking and driver's license information floating around unprotected.
University databases, full of student information, are favorite hacker targets. Boston College, Carnegie Mellon, Duke, Georgetown, Northwestern, Purdue, Tufts, USC - these are only a few of the universities that have fessed up to being hacker victims. But such corporate icons as CitiFinancial, Ford Motor and Time Warner have reported data losses, too - from hackings, insider theft, and lost or stolen laptops and tapes. (See the Clearinghouse's comprehensive listing of reported incidents.)
At this point, you shouldn't need another data theft headline to get you moving. Any decent New Data Center architectural plan should include a way to button down your enterprise databases.
Don't rely exclusively on the security and management features native to your big IBM DB2, Microsoft SQL Server or Oracle 10g databases. They're gaining in sophistication and functionality, but still they meet only basic security requirements.
So if you haven't already, the time has come to bring in the big guns. All enterprises should implement database vulnerability assessment, data-at-rest encryption, intrusion detection and in-depth auditing, recommends Forrester Research in a November 2005 trend report.
The tools, available largely from start-ups, are plentiful enough, and many have already been deployed at hundreds of enterprises. For example, take Application Security's AppDetective vulnerability assessment scanner, one of the earliest database protection tools. Application Security counts 500 customers for AppDetective, which discovers database applications within the infrastructure and assesses how secure they are, says Ted Julian, vice president of marketing at the company. AppDetective scouts out a slew of enterprise databases - IBM DB2, Lotus Notes/Domino, Microsoft SQL Server, MySQL, Oracle and Sybase.
- on-demand, instant resourcing: you can request 200 new compute instances and you can get them, there...- Craig Balding
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Comment