Crawl, Walk, Run: Data Security Deployment Advice
I’m pleased to post this article on behalf of Stacey Gregerson, data security engineer at Westfield Group.
Those of us in data security and database management are entrusted with extremely valuable assets: our organization’s data. We work in a world in which we continually assess and manage risk. We must be constantly vigilant against attacks from the inside and out.
I’ve been doing this work for 20 years, and I am in constant communication with my data security peers. I was one of the early adopters of IBM Security Guardium, and it has been an extremely valuable tool to achieve a higher level of data security.
With my experience and my talks to many other organizations that are initiating new data security programs using Guardium, I think I have a good feel for the practices that can help organizations succeed. All of us have been in the same boat — Guardium beginners — and to be honest, getting started with any new security tool is not easy.
Three Stages of Data Security
Not surprisingly, I’ve discovered that some organizations that bite off more than they can chew run into problems that can affect the success of the project. I know because I did the same thing with my first deployment. Since then, I have learned that a data security strategy should be handled in three stages: crawl, walk and run.
First, crawl by collecting basic monitoring information that will satisfy initial audit requirements for the most high-priority databases. This is easily done using the default security policy with perhaps a few modifications.
Next, you walk by adding such things as privileged user monitoring and reporting. You can build advanced monitoring that is project- and database-specific.
Finally, you can run. That may include using features such as data classification, blocking use of the S-GATE functionality or making the whole environment more efficient by leveraging workflow capabilities.
Learn More at InterConnect 2016
Setting priorities and realistic goals is critical to the ongoing success of any data security project. In my session at IBM InterConnect 2016, I will share examples of specific things to add to your communication checklist when working with other groups, from audit reporting requirements to showing database administrators (DBAs) how database activity insights can help them improve performance. It’s also critical to show value right away, and I’ll have examples of how you can demonstrate to management and other groups instantaneous value for the investment.
Join me on Tuesday, Feb. 23, at 8:30 a.m. in the Mandalay Bay South Lagoon B in Las Vegas for “Three Guardium Deployments: Westfield Group Shares Lessons Learned.”