March 16, 2016 By Scott Forstie 3 min read

Data governance encompasses all the technologies and processes you need to secure business critical data. Customers, governments and industries are designating more and more data as critical. As the volume and variety of critical data increases, you may feel like Dorothy on her way to Oz: Skipping down the Yellow Brick Road, picking up companions that have complementary skills to help you manage (or govern) data.

I work on DB2 for i, which is the integrated database that is the heart and soul of the IBM i platform, formerly known as iSeries, System i, AS/400 and other names. My day begins and ends with all things database. That may strike you as a sad proposition, but in actuality, it’s a great life because I get to help clients achieve their goals and satisfy mandates.

What’s a Database Mandate?

More and more, IBM i clients are being told they have to comply with requirements to:

  • Limit, mask and/or encrypt access to data;
  • Track the actions of highly privileged users;
  • Track all changes to specific tables;
  • Detect attempts to circumvent authorization;
  • Recognize the proliferation of sensitive data; and
  • Demonstrate and measure the continual efforts to govern the data center.

IBM Security Guardium can be used to satisfy many of these important database mandates for IBM i clients.

My on-demand Guardium tech talk includes an explanation of how Guardium technologies such as Database Activity Monitor (DAM), Vulnerability Assessment and Classifier can help IBM i clients meet compliance and data governance requirements. They can also protect against insider threats, cybercriminals and other bad actors, all while integrating with the broader security infrastructure.

Using Technologies to Achieve Compliance

Database activity monitoring is a very strong solution for satisfying DB2 for i monitoring requirements. DAM is integrated with DB2 for i and can be used in production environments where client expectations are sky-high.

A simple example would be to show how DAM can be used to capture instances where entire tables are being copied. As shown below, we can see that DAM can capture both SQL and command line techniques for copying tables.

Another strength of DAM with DB2 for i is its comprehensive SQL capture, including host variables and parameter marker values, which are known as bind variable values in Guardium lingo.

Figure 2 below shows an example of the execution of an UPDATE statement. DAM serves up the essential forensic data, making it possible and easy to analyze the activity, determine when an incident has occurred and identify the scope of impact.

Learn More About Guardium Security Options

If you’ve read this far, you should consider watching the on-demand Guardium tech talk to hear more about your options for IBM i data governance using Guardium. There will also be more opportunities to learn more at security conferences slated for this year.

More from Data Protection

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today