Most will agree that corporate databases are a rich source of confidential and private information. This data needs to be protected via methods that comply with corporate and government regulations. New data requirements demand technology changes, but will IT organizations have the budgets, skills, tools, and processes necessary to keep the information residing in these databases secure?
Recent ESG research illustrated that cyber supply chain security is extremely immature in most large organizations, an alarming fact given today's sophisticated threats and targeted attacks. Many CISOs claim that cyber supply chain security is relatively new and there are no best practice guidelines to follow. IBM's recently published Secure Engineering Framework Redguide may help bridge this knowledge gap. Outlining its internal best practices for software assurance and cyber supply chain security, IBM provides a set of valuable guidelines that CISOs can customize and emulate for their own needs.
Given the amount of sensitive and regulated data stored in corporate databases, one would assume that database security is strong, well-understood, and adequately funded. Unfortunately, none of these assumptions are true. Database security remains challenging in terms of the IT organization, security technology, and financials. While database security issues often do not receive adequate attention, they represent a security “elephant in the room,” creating an unacceptable level of security risk for many large organizations.
Over the past few years, IT consolidation has reached a fever pitch, with most organizations moving as many IT assets as possible from remote locations and small data centers into more cost-effective, optimized corporate facilities. The applications and data in these centralized sites, however, are still accessible to remote/branch offices at the other end of the wire. Inadequately managed remote PCs, combined with poorly trained workers at these locations, create a vulnerable population that could be an easy entry point for cyber criminals and advanced persistent threat (APT) attacks.
Jon Oltsik is an ESG senior principal analyst and the founder of the firm's Information Security and Networking services. With 25 years of technology industry experience, Jon is widely recognized as an expert in threat and security management as well as all aspects of network security. Recently, Jon has been actively involved in cybersecurity issues, legislation, and technology within the U.S. federal government. Prior to joining ESG, Jon was the founder and principal of Hype-Free Consulting. He has also held senior management positions at GiantLoop Network, Forrester Research, Epoch Systems, and EMC Corporation.
© 2013 Enterprise Strategy Group, 20 Asylum Street, Milford, MA 01757 508.482.0188