InformationWeek: The Business Value of Technology

To understand how to secure big data, you have to understand what it is — and what it isn’t. As organizations set about building big data clusters, they’re finding that many of the best practices for securing such clusters are the same used to secure any ­corporate data. However, there are some big differences as well.

Database activity monitoring, or DAM, is an effective compliance and security strategy. However, not every DAM system will work the same in every organization. Indeed, not every organization can even make use of every feature that DAM systems provide. In this report we examine what DAM can and can’t do, and recommend how to evaluate and implement the best system for your organization.

In this report, we recommend database security strategies and tools for smaller enterprises and workgroups—as well as for smaller databases—that have a big stake in protecting their data but don’t have big budgets or skilled, and dedicated, ­security staff.

Web-facing databases have a huge target on their backs. The easy way to secure these databases would be to take them off the Web, but a system that does not serve a business function is worthless to the company.
Security pros must figure out ways to secure databases with limited resources while keeping business systems operational. In this report, we recommend several cost-efficient methods.

Enterprises are swimming in the sea of data generated by networks, servers, personal computing devices and applications, but they are thirsty for actionable data. In this report, we recommend ways in which ­security professionals can dig through huge storehouses of log data, security event information and other monitoring data to identify and halt compromises or threats. The good news: This Herculean task can be eased—at least somewhat—by leveraging existing systems and insight.

Benchmarking normal activity and then monitoring for users who stray from that norm is an essential strategy for getting ahead of potential data and system breaches. But choosing the right tools is only part of the effort. Without sufficient training, efficient deployment and a good response plan, attackers could gain the upper hand.

The biggest threat to your company’s most sensitive data may be the employee who has legitimate access to corporate databases but less-than-legitimate intentions. And while the incidence of insider data breaches has decreased, external attacks often imitate them—and do serious damage. Follow our advice to mitigate the risk.

IBM and its database customers didn't always give much thought to protecting their DB2 data. Both are now stepping up. Here's how and why.

Security has not been a priority for DB2 users, and for years IBM lagged behind the rest of the industry when it came to protection features. But a realization that DB2 is increasingly vulnerable to threats has spurred something of a transformation. Here, we explain why DB2 users need to focus on security, and how to meet essential vulnerability assessment and remediation, monitoring and audit requirements using tools in the IBM portfolio.

Securing the Oracle database has never been easy: The product is widely deployed across the globe, supporting myriad installations and dependent applications, and attempts to secure it are bedeviled by challenges: inconsistent patching, complex deployment environments and legacy installations of old versions, for starters. In this Tech Center report, we explore those challenges, and the many options the company now provides to meet them.