Maybe InfoSec should be rechristened the database security show?

There appear to be more and more vendors now focussed on securing the good old database by offering tools that layer onto an existing RDBMS, monitoring who is doing what and when and then taking, if needed, appropriate action.

A interesting player in the market for enhanced data security is Protegrity (www.protegrity.com). The nature of retail can be an IT security nightmare from the start. We have high turnover of shop staff that have access to customer credit card details, we have shoppers placing orders via telesales and then we have the really wild ecommerce environment when anything goes. By wrapping technical smarts around virtually any database platform, including AS400, Oracle, SQL Server and TerraData, Protegrity are able to offer clients a high degree of security along with a useful reporting mechanism.

Of course the reporting mechanism is vital. What point is there in having good security if the CSO/CIO or any other CXO can’t have a nice big smiley face on their portal to assure them that “all is well”?

Meanwhile PGP (www.pgp.com) are busily encrypting anything that will move, on the basis that even if a laptop does go missing if the data is encrypted it will have little value beyond the £25 the local smackhead got for it in the pub.

By the way, although we will all report loss or theft of our laptops, how many would do the same for a USB key? In fact ask yourself the question – how many USB sticks have you lost? Scary when you think about it.

According to research carried out by PGP working with the Ponemon Institute reputational risk is now a big worry for many organisations, so mitigating this with decent encryption is a no brainer for many. I’ll try and share more of this research at another time.

ActivIdentity (www.actividentity.com) meanwhile are working hard to bring together the world of physical security with logical security. With their access card systems they can build scalable, manageable card access systems to control door access alongside computer access. Interestingly they are seeing the coming together of some facility management responsibilities under the umbrella of the CTO or other security manager. This isn’t to say that the CTO is now known as the Cleaning the Toilet Officer, rather they are assuming responsibility for managing physical security assets that maybe was not part of their portfolio before.

Hey, it makes sense to me.

McAfee (www.mcafee.com) are busy extending their portfolio of products by aggressive acquisition, development and enhancement. They now have an interesting suite of products that starts to deliver on this vision we have all been clamouring for – single management of all my security estate. Tough gig, but if they can crack it then good luck to them.

One aspect of InfoSec I really enjoy is dodging the vendors that like to thrust a gamut of DVDs and paperwork in your hand as you rush by to yet another briefing. I normally manage to avoid collecting too much (especially since I have just come back from Egypt, and escaping the street sales people became a fine art) but for once I was actually caught.

So there you have it, another day at DataSec.

Let’s see what day 3 brings.