A recent ESG Research Brief revealed that valuable databases are often protected by an ad hoc combination of IT groups and manual processes. Clearly, these weaknesses make databases vulnerable, but are there specific types of database security threats that increase the risk of a data breach? Yes. ESG’s data also points to a pattern of enterprise data breaches and identifies specific database risks concerning security professionals. The good news is that large organizations have made database security a 2009 priority, but the question remains: Is this action a case of too little, too late?
There is no longer a question as to whether large organizations need log management solutions. But as log management and analysis needs evolve, legacy products can't scale, accommodate uncommon log file formats, or provide the right level of real-time or historical analysis. These requirements are driving a transition to a new model called log management warehousing. Similar to "top-down" data warehousing, log management warehousing will evolve to become a centralized enterprise service over the next few years.
By far, the number one question users considering a move to cloud storage ask is whether or not their data will be secure. Storing data offsite doesn't change data security requirements; they are the same as those facing data stored onsite. Security should be based on business requirements for specific applications and data sets, no matter where the data is stored. Users evaluating cloud storage service providers should demand the same type of security controls they would in their own data centers with regard to physical security, data encryption, and network security.
Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s information security service. With over 25 years of technology industry experience, Jon is widely recognized as an expert in all aspects of information security and is often called upon to help customers understand a CISO's perspective and strategies. Recently, Jon has been an active participant with cybersecurity issues, legislation, and technology within the U.S. federal government.
© 2014 by The Enterprise Strategy Group, 20 Asylum Street, Milford, MA 01757 508.482.0188
Enter your email address, and click subscribe