Databases are arguably still the most widespread technology for storing and managing business-critical digital information. Manufacturing process parameters, sensitive financial transactions or confidential customer records - all this most valuable corporate data must be protected against compromises of their integrity and confidentiality without affecting their availability for business processes. The area of database security covers various security controls for the information itself stored and processed in database systems, underlying computing and network infrastructures, as well as applications accessing the data.
However, since the last edition of KuppingerCole’s Leadership Compass on Database Security two years ago, a notable change in the direction the market is evolving has become apparent: as the amount and variety of digital information an organization is managing grows, the complexity of the IT infrastructure needed to support this digital transformation grows as well.
Nowadays, most companies end up using various types of databases and other data stores for structured and unstructured information depending on their business requirements. Recently introduced data protection regulations like the European Union’s GDPR or California’s CCPA make no distinction between relational databases, data lakes or file stores – all data is equally sensitive regardless of the underlying technology stack.
Because of this, we have decided to expand the scope of this year’s Leadership Compass to incorporate data protection and governance solutions for NoSQL databases and Big Data frameworks in addition to relational databases we focused on last time.
Among the security risks databases of any kind are potentially exposed to are the following:
- Data corruption or loss through human errors, programming mistakes or sabotage;
- Inappropriate access to sensitive data by administrators or other accounts with excessive privileges;
- Malware, phishing and other types of cyberattacks that compromise legitimate user accounts;
- Security vulnerabilities or configuration problems in the database software, which may lead to data loss or availability issues;
- Denial of service attacks leading to disruption of legitimate access to data;
Consequently, multiple technologies and solutions have been developed to address these risks, as well as provide better activity monitoring and threat detection. Covering all of them in just one product rating would be quite difficult. Furthermore, KuppingerCole has long stressed the importance of a strategic approach to information security.
Therefore, customers are encouraged to look at database and big data security products not as isolated point solutions, but as a part of an overall corporate security strategy based on a multi-layered architecture and unified by centralized management, governance and analytics.
1.1 Market Segment
Because of the broad range of technologies involved in ensuring comprehensive data protection, the scope of this market segment isn’t easy to define unambiguously. In fact, only the largest vendors can afford to dedicate enough resources for developing a solution that covers all or at least several functional areas – the majority of products mentioned in this Leadership Compass tend to focus on a single aspect of database security like data encryption, access management or monitoring and audit.
The obvious consequence of this is that when selecting the best solution for your particular requirements, you should not limit your choice to overall leaders of our rating – in fact, a smaller vendor with a lean, but flexible, scalable and agile solution that can quickly address a specific business problem may, in fact, be more fitting. On the other hand, one must always consider the balance between a well-integrated suite from a single vendor and a number of best-of-breed individual tools that require additional effort to make them work together. Individual evaluation criteria used in KuppingerCole’s Leadership Compasses will provide you with further guidance in this process.
To make your choice even easier, we are focusing primarily on security solutions for protecting structured data stored in relational or NoSQL databases, as well as in Big Data stores. Secondly, we are not explicitly covering various general aspects of network or physical server security, identity and access management or other areas of information security not specific for databases, although providing these features or offering integrations with other security products may influence our ratings.
Still, we are putting a strong focus on integration into existing security infrastructures to provide consolidated monitoring, analytics, governance or compliance across multiple types of information stores and applications. Most importantly, this includes integrations with SIEM/SoC solutions, existing identity, and access management systems and information security governance technologies.
Solutions offering support for multiple database types as well as extending their coverage to other types of digital information are expected to receive more favorable ratings as opposed to solutions tightly coupled only to a specific database (although we do recognize various benefits of such tight integration as well). The same applies to products supporting multiple deployment scenarios, especially in cloud-based and hybrid infrastructures.
Another crucial area to consider is the development of applications based on the Security and Privacy by Design principles, which have recently become a legal obligation under the EU’s General Data Protection Regulation (GDPR) and similar regulations in other geographies. Database and big data security solutions can play an important role in supporting developers in building comprehensive security and privacy-enhancing measures directly into their applications.
Such measures may include transparent data encryption and masking, fine-grained dynamic access management, unified security policies across different environments and so on. We are taking these functions into account when calculating vendor ratings for this report as well.
Despite our effort to cover most aspects of database and big data security in this Leadership Compass, we are not covering the following products:
- Solutions that primarily focus on unstructured data protection having limited or no database-related capabilities
- Security tools that cover general aspects of information security (such as firewalls or antimalware products) but do not offer functionality specifically tailored for data protection
- Compliance or risk management solutions that focus on organizational aspects (checklists, reports, etc.)