By: Marcia Kaufman, Partner, Hurwitz & Associates
Published: 16th December 2009
Copyright Hurwitz & Associates © 2009
You say you already have a plan in place to guard your company's data? Are you sure it has you adequately protected? While you certainly understand the need for data security, your sales challenges are tough enough without exposing your customers' credit card information to a security breech; for example the chances are good that in 2010 you will consider various options for improving the security of your data. If you are going to protect your company's most valuable asset—your data—you will begin to view data security as a component of a more comprehensive information governance strategy.
The risks of internal or external threats to your company's data are becoming more complex as the depth and breadth of your information expands rapidly and your data is shared with business partners, suppliers, and customers. In addition, as companies begin to take advantage of cloud services for some of their workloads, additional complexity is added to the multitude of security concerns. Many companies have deployed a disjointed approach to securing, controlling, and managing its data, making it hard to anticipate and prepare for constantly changing security risks. There are lots of different ways that unauthorized users may enter your network or otherwise steal your data. Many companies typically have a distinct solution to combat each one individually and typically can't protect against all of them. For example, access control, data encryption, network traffic monitoring, vulnerability testing, and auditing may all be monitored with independent applications.
There is a good reason why many companies find they need to deploy lots of different solutions to effectively govern its information. Some of the most innovative solutions have come from emerging companies who have built a niche around a particular vertical market or some segment of the information security market. So you deploy the best solution for your biggest challenges and move on. However, as you begin to think more holistically about your needs for information governance, you will want to ensure that information security solutions are well integrated. This is one reason why emerging companies with an information security solution have become desirable acquisition candidates for larger software vendors.
Guardium, a privately-held company based in Massachusetts, is one of the most recent examples of this trend. When IBM announced its acquisition of the company in the last week of November, Guardium moved from a fast growing startup to one of the pillars of the IBM information governance strategy. The company's technology helps clients with some of the most challenging issues around unauthorized access to critical data. Their solutions provide secure access to enterprise data across many different database environments such as IBM, Oracle, Microsoft, Teradata and others. In addition, customers can reduce operational costs by automating regulatory compliance tasks. While many companies may have the ability to monitor one database at a time, Guardium brings added value by enabling companies with complex environments to monitor databases across their organization.
This acquisition aligns well with IBM's strategy to provide customers with a well-integrated and comprehensive approach to information management. IBM has spent in the range of $12 Billion over the past five years to add software assets that will help companies to make more intelligent decisions and realize more business value from their information.
Posted: 17th December 2009 | By Thom VanHorn, VP of Global Marketing, Application :
The acquisition of Guardium by IBM validates the importance of database security risk and compliance for enterprise customers. However, IBM customers will be challenged to successfully integrate Guardium's technology into an already disparate portfolio of point solutions acquired through multiple acquisitions. Serious customers seeking an enterprise approach and an integrated platform for database security, risk and compliance will find that IBM may have actually in fact complicated the task by providing yet another non integrated point solution. This approach overlooks the primary requirement to provide INTEGRATED solutions for discovery, policy management, vulnerability assessment and user entitlement management (the underpinnings which drive an activity monitoring rules based solution). Instead IBMs offerings for the foreseeable future appear to be a confusing array of user consoles, policy managers, report formats, and rules engines all built by separate companies to achieve separate goals.
According to our recent research study with ESG, 60% of top-level IT Security executives at large organizations dont feel their existing controls adequately protect their organizations confidential data and 70% of organizations do not feel their existing database controls are well-defined. This means over 2/3 of organizations lack an adequate plan and approach to protect confidential data!
The messages above were all contributed by IT-Director.com readers. Whilst we take care to remove any posts deemed inappropriate, we can take no responsibility for these comments. If you would like a comment removed please contact our editorial team.
We automatically stop accepting comments 180 days after a post is published. If you would like to know more about this subject, please contact us and we'll try to help.
Published by: IT Analysis Communications Ltd.
T: +44 (0)190 888 0760 | F: +44 (0)190 888 0761