Protecting Critical Database Information
The nation's fastest growing crime: Identity theft. According to two studies conducted by Gartner Research and Harris Interactive, approximately 7 million people fell prey to this crime between July 2002 and July 2003. That equals 19,178 per day, 799 per hour, 13.3 per minute.
(PRWEB) August 8, 2005 -- A survey conducted by the Computer Security Institute disclosed that most databases experience some kind of security breach every year, and these add up to average annual losses of about $4 million. A staggering 70% of them are caused by internal employees, and more than 95% of intrusions result in financial losses. Given this state of affairs, one wonders how important database security is compared with other forms of network security. 90% of sensitive information is contained in databases, and protecting them from unauthorized access is critical. Among all security technologies such as network-layer firewalls, network monitoring, SSL-secured communications, and operating system and application hardening, data protection technologies need to be extremely robust, for databases can be the point of maximum vulnerability.
Many firms make backup tapes of all data in a 24-hour period to be stored in an off-site location. The chances that such a tape could fall into the wrong hands and be misused are high. Data encryption is a solution in this case. Deploying cryptographically enforced access control to information ensures that only authorized personnel have access to the data. Even IT department employees and DBAs do not need access to encryption keys. However, the database security system should be application transparent -- meaning there should be no need to make changes to underlying applications.
A data security system must be capable of establishing a secure audit trail for tracking and reporting activity around sensitive data. Fast performance, ease-of-implementation, scalability across applications are other concerns.
Data security is now mandated by government legislation and industry regulations. Audit committees are stringent about protecting customer-related information and sensitive corporate data. Proper access control, selective encryption of stored data, separation of duties and centralized independent audit functions are some requirements for protecting non-public personal information. GLBA (Gramm-Leach-Bliley Act) compliance is required of financial institutions; the act states that they must implement suitable access and security controls. Non-compliance can lead to severe regulatory fines, and CEOs and directors can be held personally responsible and legally liable.
Application transparent encryption technologies can be implemented in as little as one to three days with negligible performance considerations. Separating responsibilities of access to sensitive information between the security officer and the database administrator ensures further efficacy of these technologies. Valuable database security information is available on websites such as http://www.itinfosecure.com to help information technology professionals choose the right security product. A key strategy for companies to enhance their reputation, profitability and overall well-being is to ensure data protection.
It has ceased to be the responsibility of the IT department alone - it is linked to the very survival of an organization.
# # #
About ITinfosecure: http://wwww.itinfosecure.com (ITIS) was launched by a group of IT security professionals with decades of experience in the industry. From sales to services, the ITIS team has extensive knowledge of what end-user customers, from SMB to Fortune 100 companies, desire in a security solution.
© Copyright 1997-2008, Vocus PRW Holdings, LLC.