Database Security Articles
IBM and Security First Corp., a data high availability and security company, have announced a joint development agreement aimed at delivering increased performance, security, and high data availability to storage and cloud-based computing customers.
Posted August 08, 2011
Vormetric, Inc., a provider of enterprise systems encryption and key management software, has introduced Vormetric Data Security for SAP, a comprehensive solution that protects data in SAP environments with transparent, high-performance encryption. According to Gretchen Hellman, vice president of product management at Vormetric, SAP modules often contain sensitive data that is under the jurisdiction of the growing numbers of internal governance mandates and external regulations, and so require advanced protection from insider abuse and external breaches.
Posted July 27, 2011
Oracle has introduced the Oracle Exadata Storage Expansion Rack to offer customers a cost-effective way to add storage to an Oracle Exadata Database Machine. "There are customers, earlier Exadata Database Machine customers, that have now started to fill up the disks that they have on the Database Machine and they are starting to look for ways to expand their storage capacity, and so this is going to be really welcome for them," says Tim Shetler, vice president of Product Management, Oracle.
Posted July 27, 2011
The Oracle Applications Users Group (OAUG), the world's largest user knowledgebase for Oracle Applications users, is launching the OAUG Educational Series 2011, a virtual learning series offered to OAUG members from Aug. 8-19, featuring the most popular presentations from the COLLABORATE 11 - OAUG Forum.
Posted July 25, 2011
CA Technologies' Mainframe Security Management products have met the requirements of Common Criteria, an independent security certification recognized by governments in more than 26 countries, including the United States. "CA ACF2 and CA Top Secret are widely used by enterprise level customers, both government and commercial customers, and it's incumbent on us to be diligent in keeping the products current with the most rigorous global security standards," Mark Combs, distinguished senior vice president, mainframe at CA Technologies, tells 5 Minute Briefing.
Posted July 25, 2011
Vormetric, Inc., a provider of enterprise systems encryption and key management solutions, and Fortrex Technologies, Inc., a provider of services and systems for IT security, operational risk, and compliance, have formed a strategic partnership to address the needs of organizations facing regulatory compliance data protection requirements, including the HITECH Act and the Payment Card Industry (PCI) Data Security Standard (DSS). With this partnership, Fortrex, a certified assessor for the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) and PCI DSS Qualified Security Assessor (QSA) company, will offer Vormetric Data Security. "To have a partnership between an encryption vendor and a certified assessor means that the assessor has reviewed the technology and made sure that all of the features within the technology fit all the detailed requirements under the regulations - and there are quite a few," Gretchen Hellman, vice president of marketing and product management, Vormetric, tells 5 Minute Briefing.
Posted July 19, 2011
Melissa Data Corp, a developer of data quality and address management solutions, has announced that its Address Check Web Service is now available on Windows Azure Marketplace DataMarket for Microsoft's Data Quality Services (or any client that embeds the API). Address Check provides real-time address verification and standardization for U.S. and Canadian addresses. Users, from both small and large businesses, can easily add Address Check to their applications to save money on postage and reduce undeliverable mail and shipments by cleaning up inaccurate, incomplete, or undeliverable addresses at point of entry. "It is basically on demand. As they need a service they can use Microsoft's Data Quality Services to link up to the marketplace and pick and choose the types of services almost on an à la carte type of menu," Greg Brown, director of marketing for Melissa Data, tells 5 Minute Briefing.
Posted July 19, 2011
Dataguise, a provider of enterprise security intelligence solutions, has announced a high performing database cloning privacy solution to support test, development and analytic uses in data warehousing environments. According to Dataguise, its sensitive data discovery and masking solutions complement NetApp's solution for rapid cloning of large Oracle data sets to enable efficient and secure distribution when running on the Cisco Unified Computing System (UCS) platform.
Posted July 19, 2011
Symantec Corp. announced that privately-held Clearwell Systems Inc., is now part of Symantec. The acquisition agreement between Symantec and Clearwell was announced on May19, 2011. According to Symantec, the acquisition of Clearwell brings together leading archiving, backup and e-discovery offerings to provide customers with a comprehensive information management solution.
Posted July 12, 2011
Oracle has agreed to acquire Pillar Data Systems, a provider of scalable SAN Block I/O storage systems. The acquisition will help Oracle deliver a complete line of storage products that runs Oracle software faster and more efficiently, the company said. Oracle president Mark Hurd and John Fowler, executive vice president of Systems at Oracle, followed up the announcement with a webcast last week in which they elaborated on Oracle's storage strategy and the importance of the capabilities that Pillar adds. They were joined by Phil Bullinger, senior vice president, Storage, at Oracle.
Posted July 11, 2011
As the economy shifts to expansion mode, and businesses start hiring again, a familiar challenge is rearing its head. Companies are scrambling to find the talent needed to effectively run, maintain, and expand their technology platforms. This is not a new problem by any means, but this time around, it is taking on a greater urgency, as just about every organization relies on information technology to be competitive and responsive to growth opportunities. A new survey of 376 employers finds a majority depend on the educational sector - universities and colleges - to provide key IT skills, often in conjunction with their own internal training efforts. However, few of the executives and managers hiring out of colleges are entirely satisfied with the readiness of graduates.
Posted July 07, 2011
Vormetric, Inc., a provider of enterprise systems encryption and key management software, has introduced Vormetric Data Security for SAP, a comprehensive solution that protects data in SAP environments with transparent, high-performance encryption. According to Gretchen Hellman, vice president of product management at Vormetric, SAP modules often contain sensitive data that is under the jurisdiction of the growing numbers of internal governance mandates and external regulations, and so require advanced protection from insider abuse and external breaches. The solution can encrypt, protect and control access to both structured as well as unstructured data - including SAP reports, archives and database extracts. "It is comprehensive protection for SAP data," says Hellman.
Posted June 27, 2011
Dataguise, a provider of enterprise data privacy solutions, has introduced its latest generation of database security solutions for sensitive data discovery, masking and sensitive data risk management. DgSuite 3.5 provides proactive risk-based enterprise security intelligence and solutions for transparently securing personally identifiable information (PII), payment card industry (PCI) data, information covered by HIPAA regulations and other sensitive data located in structured database repositories across distributed enterprise environments. The new release features the new DgDashboard for actionable intelligence that enables executives, information security professionals, compliance and infrastructure managers to better understand shared responsibilities for protecting data. "It is the first time that CIOs and CISOs have a control board that they both can access to view what is going on in their enterprise," Allan Thompson, executive vice president of Dataguise, tells 5 Minute Briefing.
Posted June 24, 2011
HP has unveiled a new suite of software which it says is designed to rationalize, measure and improve IT performance called the HP IT Performance Suite. The suite provides CIOs insight from across a comprehensive range of solutions to manage and optimize application development, infrastructure and operations management, security, information management, and financial planning and administration. Each product in the HP Software portfolio improves the performance of the discrete IT functions addressed, while a new IT Executive Scorecard helps technology executives optimize overall IT investments and outcomes.
Posted June 24, 2011
Oversight Systems' Oversight 6.2 solution has achieved certified integration with the SAP BusinessObjects Process Control application to further help organizations identify fraud and errors with continuous transaction monitoring. Through the integration, Oversight alerts SAP BusinessObjects Process Control of potential control violations identified by transaction monitoring based on event-driven defined rules, proactively providing the last line of defense.
Posted June 22, 2011
With data breaches rocking large organizations with alarming regularity, Application Security, Inc. (AppSec), a provider of database security, risk and compliance solutions for the enterprise, today announced new enhancements to its flagship enterprise platform, DbProtect. The latest version (v6.3) of the database security solution now includes the ability to block real-time attack and unauthorized activity. In addition, DbProtect will now include rights management support for IBM DB2 and Sybase ASE environments, joining the previously announced capabilities for Oracle Database and Microsoft SQL Server. "AppSec already offers proactive measures that short-circuit attacks in their early stages, and now we're bolstering those capabilities with an active defense," says says Josh Shaul, CTO, AppSec.
Posted June 22, 2011
Talend, a developer and distributor of open source middleware, has announced Talend Cloud, a cloud-enabled integration platform that provides a unified integration platform for on-premise systems, cloud-based systems and SaaS applications. Based on Talend's Unified Integration Platform, it also provides a common environment for users to manage the entire lifecycle of integration processes including a graphical development environment, a deployment mechanism and runtime environment for operations and a monitoring console for management - all built on top of a shared metadata repository.
Posted June 21, 2011
Varonis Systems Inc., a provider of data governance software, has released a new version of its solution, targeted at Microsoft Exchange administrators seeking increased visibility and control over mailboxes and public folders. DatAdvantage for Exchange provides greater visibility into activities, such as who deleted a message or a folder; who changed permissions; who sent a message on behalf of someone else; who changed the content of an email and forwarded it as or on behalf of the original sender; who accessed an inbox, read emails and then marked them as unread. The challenge with the Microsoft Exchange native journaling and diagnostics tools is that they only capture a limited amount of data, according to Varonis. "With this latest update, our customers not only have a critical audit trail that they didn't have previously, but they also benefit from Varonis' automated analysis of that audit trail," David Gibson, director of strategic accounts and technical marketing for Varonis, tells 5 Minute Briefing.
Posted June 14, 2011
Dell says it will resell RainStor's specialized data retention database to support solutions such as application retirement and retention of machine-generated data. RainStor, a data storage infrastructure software company, designs and sells technology that enables data to be de-duplicated and compressed, while still accessible online through standard SQL language and BI tools. "The RainStor-Dell solution combines the object storage capabilities of the Dell DX with RainStor's online data retention (OLDR) repository," Ramon Chen, vice president of product management at RainStor, tells 5 Minute Briefing.
Posted June 13, 2011
BeyondTrust, a provider of authorization management solutions, announced the release of PowerBroker Database Monitor & Audit, designed to provide IT security departments monitoring and visibility of privilege user database administration, activities and security. The new release incorporates technology as a result of BeyondTrust's recent acquisition of Lumigent Technologies, which specialized in database activity monitoring. The new toolset is intended to extend visibility beyond the scope of basic database security, providing analysis on how database changes directly impact business operations, Jim Zierick, executive vice president of product operations at BeyondTrust, tells 5 Minute Briefing.
Posted May 31, 2011
Vormetric, Inc., a provider of enterprise systems encryption and key management for physical, virtual and cloud environments, has joined the Cloud Security Alliance (CSA). The non-profit organization promotes the use of best practices for security within cloud computing, and offers education on the uses of cloud computing to help secure all other forms of computing.
Posted May 31, 2011
Informatica Corporation has announced Informatica Cloud Summer 2011, a major new release of its cloud integration service. The Informatica Cloud Summer 2011 release enables universal cloud integration and unified hybrid deployment for both on-premise and cloud deployments. The new release provides ease of use cloud features to enhance the simplicity of learning, deploying, administering, managing and configuring cloud integration, as well as enterprise-class functionality, including fine-grained access controls and delegated administration.
Posted May 25, 2011
Symantec Corp. has signed a definitive agreement to acquire Clearwell Systems, Inc., a privately held vendor in the e-discovery market for a purchase price of approximately $390 million, net of Clearwell's existing cash balance of approximately $20 million. "As information continues to grow at unprecedented rates, the biggest challenge for customers is to protect, manage and backup this information as well as have the ability to categorize and discover it efficiently," said Deepak Mohan, senior vice president, Information Management Group, Symantec. The acquisition is expected to close in the September quarter.
Posted May 19, 2011
Symantec Corp. has announced Symantec Enterprise Vault 10, Enterprise Vault.cloud, and Cloud Storage for Enterprise Vault to enable organizations to manage and discover their information faster and with greater efficiency and scale, both on-premise and in the cloud. Symantec Enterprise Vault 10 software will add new integration with Symantec's data loss prevention and encryption technologies to archive and discover organizations' information without compromising confidential information, in addition to allowing organizations to discover data stored in the cloud and from social networks. Symantec's software-as-a-service-based Enterprise Vault.cloud will offer unlimited cloud storage for email, with rapid search and access, for a flat fee per mailbox per month.
Posted May 10, 2011
Cleversafe Inc. has announced that it has been issued five patents by the U.S. Patent and Trademark Office, helping the company build its portfolio around information dispersal. In addition, the company has two allowed patent applications, and, as of April 11, 2011, 65 published pending U.S. patent applications. The company also has more than one dozen foreign pending patent applications, and continues to file more U.S. and foreign patent applications. The capabilities that these patents represent are the foundation techniques that are required to build and deploy large scale storage systems, Chris Gladwin, president and CEO of Cleversafe, tells 5 Minute Briefing.
Posted May 02, 2011
There's a wide disconnect between the individuals charged with ensuring database security and those in corporate management at those organizations. And while database professionals and managers are charged with overseeing information security, many are actually not aware of the level of corporate commitment. This is a key finding from the "2011 ISUG Report on Data Security Management Challenges," based on research conducted among ISUG members by Unisphere Research, a division of Information Today, Inc., and sponsored by Application Security, Inc. The study drew responses from 216 data managers and professionals, and the full 37-page research report is being offered as an ISUG member benefit.
Posted April 29, 2011
Quest Software has unveiled Quest Backup Reporter for Oracle, a new desktop solution that offers DBAs a dashboard view of all of the Oracle backups across the enterprise that they are managing and also provides drill-down views into a single database for more detailed reporting. In addition to simplifying and cutting the time needed to report on the status of Oracle backups, the new solution is also aimed at reducing the risk associated with failed or poorly performing backups.
Posted April 21, 2011
Database Trends and Applications (DBTA) met with Oracle Applications Users Group (OAUG) president Mark C. Clark during last week's COLLABORATE 11 conference in Orlando, Florida. Now, more than 2 years following the financial meltdown of late 2008, it is clear that more users are again out attending COLLABORATE. "We have gone through a period of very tight IT budgets, a 2-to-4 year phase of maintenance. Everybody I am talking to is looking at opportunities to do projects this year. And if they aren't doing it this year, they are planning for it next year," said Clark, commenting on the renewed enthusiasm for attending the conference.
Posted April 19, 2011
Application Security, Inc. (AppSec), a provider of database SRC solutions for the enterprise, and Securosis, a security research and analysis firm, have partnered to provide what they are describing as the industry's first comprehensive guide to quantifying enterprise database security processes. "What we wanted to do was go to some of the experts in the industry who have not only been analysts but also lived in this environment and have them systematically go through the process and document everything from organizational considerations down to specific steps, and then provide a means to quantify the man hours, the expenses, and the technologies associated with each step in this process," says Thom VanHorn, vice president of marketing, AppSec.
Posted April 13, 2011
With the annual Oracle users conference COLLABORATE about to begin, Andy Flower, president of the IOUG, spoke with 5 Minute Briefing about the IOUG's strong areas of focus in terms of overall conference content, and how the addition of the MySQL user base into the Oracle community is evolving. Citing a MySQL keynote, 75 sessions at COLLABORATE focused on MySQL, and a new MySQL Council headed by Sarah Novotny, Flower says the IOUG is making strides in giving voice to the MySQL community within the IOUG and setting a stage for positive interaction with Oracle.
Posted April 06, 2011
Oracle has announced three new integrations in support of its open and integrated technology stack. Enhancing its backup and recovery capabilities for Oracle Exadata Database Machine, Oracle's Sun ZFS Storage Appliance now directly connects to the Oracle Exadata InfiniBand fabric to simplify deployments and accelerate backup and recovery time by more than 50% compared to traditional NAS systems. Oracle Virtual Desktop Infrastructure now provides integration with the Sun ZFS Storage Appliance with rapid iSCSI provisioning that automates desktop provisioning and accelerates virtual desktop deployments. Additionally, Oracle Secure Backup is qualified for Sun ZFS Storage Appliance backup and recovery with Oracle's scalable StorageTek tape libraries.
Posted April 06, 2011
Organizations today are beginning to understand that, second to their employees, data is their most critical asset. Consequently, they need to approach data management as they approach capital management - by employing disciplined methodologies utilizing automation and actionable intelligence. Once employed, these methodologies secure and protect data in a scalable and repeatable fashion, without requiring additional intervention from IT personnel or disturbing business processes. In the age of information overload, with the explosive growth of unstructured and semi-structured data, best practices help organizations of all sizes effectively manage, control and protect this valuable asset.
Posted April 05, 2011
Continuent, Inc., a provider of replication and clustering solutions for open source databases, announced the next version of Tungsten Enterprise, a replication and data management solution for MySQL and PostgreSQL. This latest version of Tungsten Enterprise includes a number of features to improve the management, performance, flexibility and reliability of Tungsten clusters. The new release also includes architectural changes to Tungsten Replicator, as well as connectivity improvements, upgrades to MySQL binlog parsing, and PostgreSQL replication.
Posted March 29, 2011
McAfee has announced its intention to acquire Sentrigo, a privately owned provider of database security and compliance, assessment, monitoring and intrusion prevention solutions. In addition, McAfee has also announced a comprehensive database security solution to protect business-critical databases without impacting performance and availability. McAfee's coordinated approach based on the Security Connected initiative launched in October 2010, involves protecting a company's most important data assets from network to server to the database itself, resulting in data being protected in every state (data in motion, data at rest, and data in use) via access controls, network security, server security, data protection and encryption - all centrally managed to minimize risk and maximize efficiency.
Posted March 23, 2011
McAfee has announced its intention to acquire Sentrigo, a privately owned provider of database security and compliance, assessment, monitoring and intrusion prevention solutions. In addition, McAfee also announced a comprehensive database security solution to protect business-critical databases without impacting performance and availability. "Every organization stores their most sensitive information in databases, either directly or through their key business applications," states Nathan Shuchami, CEO of Sentrigo. "The regular stream of public breach announcements is evidence that we must all do much more to protect mission critical database environments, and Sentrigo has been working for more than 4 years to develop a suite of products to best secure these assets. As part of McAfee, Sentrigo will be in a position to deliver these best-of-breed solutions to address a much broader range of customer's database security and compliance challenges."
Posted March 23, 2011
Despite highly publicized data breaches, ranging from the loss of personally identifiable information such as credit card and Social Security numbers at major corporations to the WikiLeaks scandal involving sensitive U.S. Department of Defense and U.S. State Department information, and the "alphabet soup" of compliance regulations, data around the globe remains at grave risk, according to John Ottman, president and CEO of Application Security, Inc., who has written "Save the Database, Save the World" to focus attention on the problem and present steps to its solution. While super secure networks are important, that alone is far from enough and a layered data security strategy with a commitment to "protecting data where it lives - in the database" must be pursued to avoid risks posed by outside hackers as well as authorized users, says Ottman. A stronger government hand may be needed as well to defend "the critical infrastructure that operates in the private sector," he suggests.
Posted March 23, 2011
Microsoft extended support for all editions of SQL Server 7.0 ended on Jan. 11. Considering that this edition was initially replaced 11 years ago by SQL Server 2000 (and there have been three more major releases since), this may not seem to be big news. However, I'm always amazed by the number of DBAs I meet who are still responsible for keeping a few instances of this, or even version 6.5, running in production.
Posted March 09, 2011
The recent public release of thousands of leaked U.S. State Department cables by WikiLeaks continues to shake up governments across the world. The information captured and sent out to the wild is not only an embarrassment to U.S. government officials whose candid assessments of foreign leaders were exposed but also to the fact that that the organization with the tightest and most comprehensive data security technologies, protocols, and policies in the world unknowingly fell victim to a massive data breach. Can private corporations or smaller government agencies with less-stringent security protocols and standards expect to do any better? Securing data is tough enough, and now, with the increase of initiatives such as virtualization and cloud computing, the odds of loss of control and proliferation of sensitive data become even greater.
Posted March 09, 2011
A member of the Oracle Applications Users Group (OAUG) since 1992, Mark C. Clark recently took over as president of the organization. Recently, 5 Minute Briefing chatted with Clark about what's in store for members at the annual Oracle users conference COLLABORATE as well as for the year ahead. Helping members prepare for an upgrade to Oracle Applications Release 12, providing additional smaller, more targeted regional events, and a continued emphasis on a return to the basics with networking and education are at the top of his to-do list for 2011.
Posted March 08, 2011
HP has announced enhancements to the HP TippingPoint Reputation Digital Vaccine (RepDV) service that protects enterprises from the latest security risks by providing greater visibility into malicious activity on corporate networks. HP TippingPoint launched the Rep DV service last June to deliver current lists of malicious or suspicious websites to customer-deployed TippingPoint IPS solutions and automatically block traffic to and from these sites. The list is updated every 2 hours and is powered by HP's Digital Vaccine Labs (DVLabs), a security research and development organization.
Posted March 07, 2011