February 2, 2016 By Lynne Murray 2 min read

I’m pleased to post this article on behalf of Stacey Gregerson, data security engineer at Westfield Group.

Those of us in data security and database management are entrusted with extremely valuable assets: our organization’s data. We work in a world in which we continually assess and manage risk. We must be constantly vigilant against attacks from the inside and out.

I’ve been doing this work for 20 years, and I am in constant communication with my data security peers. I was one of the early adopters of IBM Security Guardium, and it has been an extremely valuable tool to achieve a higher level of data security.

With my experience and my talks to many other organizations that are initiating new data security programs using Guardium, I think I have a good feel for the practices that can help organizations succeed. All of us have been in the same boat — Guardium beginners — and to be honest, getting started with any new security tool is not easy.

Three Stages of Data Security

Not surprisingly, I’ve discovered that some organizations that bite off more than they can chew run into problems that can affect the success of the project. I know because I did the same thing with my first deployment. Since then, I have learned that a data security strategy should be handled in three stages: crawl, walk and run.

1. Crawl

First, crawl by collecting basic monitoring information that will satisfy initial audit requirements for the most high-priority databases. This is easily done using the default security policy with perhaps a few modifications.

2. Walk

Next, you walk by adding such things as privileged user monitoring and reporting. You can build advanced monitoring that is project- and database-specific.

3. Run

Finally, you can run. That may include using features such as data classification, blocking use of the S-GATE functionality or making the whole environment more efficient by leveraging workflow capabilities.

Learn More at InterConnect 2016

Setting priorities and realistic goals is critical to the ongoing success of any data security project. In my session at IBM InterConnect 2016, I will share examples of specific things to add to your communication checklist when working with other groups, from audit reporting requirements to showing database administrators (DBAs) how database activity insights can help them improve performance. It’s also critical to show value right away, and I’ll have examples of how you can demonstrate to management and other groups instantaneous value for the investment.

Join me on Tuesday, Feb. 23, at 8:30 a.m. in the Mandalay Bay South Lagoon B in Las Vegas for “Three Guardium Deployments: Westfield Group Shares Lessons Learned.”

More from Data Protection

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

SpyAgent malware targets crypto wallets by stealing screenshots

4 min read - A new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices.Here's how to dodge the bullet.Attackers shooting their (screen) shotAttacks start — as always — with phishing efforts. Users receive text messages prompting them to download seemingly legitimate apps. If they take the bait and install the app, the SpyAgent malware gets…

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today