Application Security, Inc. (AppSec), a provider of database security, risk and compliance (SRC) solutions for the enterprise, and Securosis, a security research and analysis firm, have partnered to provide what they are describing as the industry's first comprehensive guide to quantifying enterprise database security processes.
"What we wanted to do was go to some of the experts in the industry who have not only been analysts but also lived in this environment and have them systematically go through the process and document everything from organizational considerations down to specific steps and then provide a means to quantify the man hours, the expenses, and the technologies associated with each step in this process," Thom VanHorn, vice president of marketing, AppSec, tells DBTA.
When it comes to database security and compliance, it is not the job of any single group, emphasizes VanHorn. "It is not just the DBAs and it is not just your security operations guys, and it is not just your IT management that needs to be involved. All of those groups need to be involved. We have always seen that the communications in a lot of companies between those groups is not necessarily the most open and the most fluid, but with a document like this that everyone can buy into and see the specifics, it really allows those organizations to communicate better, and achieve a common goal."
"Measuring and Optimizing Database Security and Compliance Operations: An Open Model," was sponsored by AppSec and researched and written by Adrian Lane, analyst and CTO, and Rich Mogull, analyst and CEO, of Securosis. Called "DB Quant" by Securosis - short for Database Security Quant Research Project - the guide aims to provide insight into common database security tasks, with the goal of enabling organizations to better understand the security costs of configuring, monitoring and managing databases.
"We know that there is a problem with database security. The studies we have shown with Unisphere Research have shown that, and the breaches continue to escalate, so it is clear that people are struggling with how to deploy appropriate database security and compliance solutions," says VanHorn. "When we go out to customers, we see DBAs and security teams struggling with all their security solutions. There is so much on their plate that they have not been able to focus exclusively on database security. And, it is complex; if you look at this guide, it goes through six major phases of the cycle, 21 sub-processes, and dozens of steps in each of those sub-processes." The document is 80 pages long and took 18 months to complete.
"Measuring and Optimizing Database Security and Compliance Operations: An Open Model" is available for download from Application Security, Inc.