Deloitte releases paper on vetting leaks, avoiding costly hoax

This month we look at application security, particularly databases, and we have a real treat for you with two emerging product groups. Those two groups cover a couple of the most challenging functions that we need to perform in our enterprise: on-line fraud management and data classification. All three topics are challenging for different reasons.

First, databases are hard to secure in an age where the perimeter has all but disappeared. Web front-ends connect more or less directly to backend databases, and under some conditions it seems as if the connection between the data and the user is direct and uninhibited. That's not true, of course – or isn't supposed to be – but under the wrong circumstances an intruder can gain the level of access that makes it appear to be.

The fraud management challenges are more or less obvious, even if the solutions are not. To manage fraud you need to identify it. That is the first problem. Then you need to stop it. Second problem. Finally you need to make sure that you can identify the fraudster if he or she returns so that you can block them quickly and easily. All three are hard problems but our emerging products do a nice job of dealing with them.

Last, anyone who has ever tried to deploy DLP without data classification knows how challenging – and ineffective – that can be. However, data classification – especially for legacy data – can be equally challenging. Our emerging products in this group address those issues in unique ways. DLP simply does not work well if you don't have the data classified, and people don't like to be troubled with classifying documents and email. What is needed is a product that makes that chore easy or, at best, nearly transparent to the users.

The database security group was surprisingly small – only two products – but that gave us the opportunity to take a good look at them and to spend some serious time on our emerging products. It also gave us the time to set up our second SC Lab facility at Norwich University, where we will be using the able talents of Sal Picheria (whom you may recall from last month), Ben Jones (one of the lead system administrators in the Center for Advanced Computing and Digital Forensics at the university) and James Verderico. Setting up a test lab in a 114-year-old building had its challenges, but the Center is well equipped and we called on it for the testing infrastructure that we need.

With all of this going on – three disparate types of products and the building of a new lab – we had a full month, but the results, I think, speak for themselves. The reviews this month are solid and the products themselves impressive. As usual, I had the honor of writing the emerging product section. This is one of my two favorite sections, along with First Looks. These let me peek around the corner, so to speak, and see what's coming early in the game.

So, with all of that said, and the scene set for some interesting reviews, let's get this show on the road and start with our first products. I especially hope that you will enjoy the double dose of emerging products, so feel free to drop me an email and let me know what you think.