English   Deutsch   Русский   中文    

Database Security - a hot topic

Mar 16, 2011 by Martin Kuppinger

During the last few months I've did a lot of research around database security, and some advisory. This market, with the very big player Oracle and its large number of offerings, and IBM as another heavyweight vendor, is growing rapidly. Besides the two big ones there are several specialized vendors like Sentrigo, Imperva, Bitkoo, NetIQ, and several others - I'll cover the market soon in an upcoming research note which will provide an overview about all key players in that market. Have a look here regularly - the research note will be out latest around mid April... By the way: You'll find there as well a new research note on Database Governance, the "umbrella" for database security.

But that's not my main topic for that blog. One of the questions which pop up frequently around database security is whether specific tools really help. How about outgoing traffic when a database firewall only looks at incoming SQL requests? How about the risk of a root admin at the OS level deleting (or copying) database files? How about the price to pay for encryption? How about the technical users and the hard-coded business rules in applications accessing databases and filtering the result sets? And these are only some of the questions we hear in our webinars (with some around database security, available as recordings) and our advisories.

These questions all touch one point: Database security is not about implementing a single tool. There is a good reason for Oracle having many different tools in their portfolio, but even database security itself isn't sufficient. It is about looking at the entire topic of Information Security, from the applications to databases (and business analytics!), the operating system, and the network. Understanding where and why information is at risk is key for defining the security strategy, the controls, and selecting the tools which in combination mitigate the risk to a level which appears to be acceptable.

Thus, successful database security strategies never ever can be defined only looking at the databases but need to be defined in the overall context of Information Security. Databases are part of the overall IT ecosystem, and database security is part of overall Information Security - as well as Database Governance is an element within Corporate Governance and IT Governance.  It's always about "strategy first" when it comes to security - and it's about avoiding point solutions.

You can learn a lot more about trends and best practices around Database Governance, Database Security, and overall Information Security at the European Identity Conference 2011, Munich, May 10th to 13th.


Author info

Martin Kuppinger
Founder and Principal Analyst
Profile | All posts
KuppingerCole Blog
KuppingerCole Select
Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live training sessions.
Register now
RTSI asnd Future SOC
Statistics show that most data breaches are detected by agents outside of the organization rather than internal security tools. Real Time Security Intelligence (RTSI) seeks to remedy this.
KuppingerCole CLASS
Trusted Independent Advice in CLoud ASSurance including a detailed analysis of the Cloud Assurance management tasks in your company.
 KuppingerCole News

 KuppingerCole on Facebook

 KuppingerCole on Twitter

 KuppingerCole on Google+

 KuppingerCole on YouTube

 KuppingerCole at LinkedIn

 Our group at LinkedIn

 Our group at Xing
Imprint       General Terms and Conditions       Terms of Use       Privacy policy
© 2003-2015 KuppingerCole