The most valuable resource managed by IT is an organization’s data, and data security has become the number one issue for CIOs and CSO. This was not clear seven years ago, when we started working with key enterprise customers on a new generation of security products, but it is quite clear today.
There are two key compliance drivers: One is data privacy, required by PCI and other data privacy regulations. These initiatives establish controls to ensure that sensitive data cannot be accessed by unauthorized users, and create a secure audit trail of all access to that data. The second driver is ensuring the integrity of data for corporate governance, as characterized by SOX controls around the activities of privileged users.
Thanks to compliance (or really bad cases of insider fraud or a breach), data security is now even on the minds of CFOs, CEOs and board-level executives.
This focus on data security has naturally propelled Database Activity Monitoring (DAM) to the forefront. All enterprise applications use databases as the back-end, and the vast majority of data addressed by these security and compliance projects resides in databases. If the network can be viewed as IT’s arteries and veins, the database is the heart or brain – or both.
The most interesting thing about DAM is that it did not grow up in a vacuum. Databases have always had good security and auditing capabilities.
For example, almost all major database platforms have provided entitlement management and auditing. Oracle had native auditing in the early 1980s and put in Virtual Private Database in 8i. IBM’s DB2 and Informix similarly have had auditing for a very long time. Sybase has sybsecurity and Microsoft SQL Server has C2 audit, traces, and in SQL Server 2008, Change Data Capture.
I think that DAM has caught database vendors off guard – from their perspective, they gave users all the tools to implement security and compliance. What they didn’t realize is that other methods can be an order of magnitude easier to implement (also, most enterprises have multiple DBMS platforms deployed, so a single vendor’s solution usually isn’t the optimum approach).
Where is DAM going?
I believe the focus will be on optimizing business processes and increasing operational efficiency. Understanding where different types of data are located, how they’re being accessed, and analyzing and controlling access behaviors are key not only to security, but also to effective data management. But the crux is efficiency.
DAM is no longer about whether you can observe all database access. The focus has turned to how easily you can implement these capabilities and what you can do with them to optimize your environment.
DAM is growing quickly – because it has become mainstream. Seven years ago we had to convince people it was important. But DAM is also evolving (and will eventually change its name) because customers need to go beyond simple monitoring. They need more automation, auto-discovery, and preventive controls that support more stringent security, compliance and granular access policies– without requiring additional staff or disrupting existing infrastructures.