Sentrigo Identifies Top Data Security Trends to Watch for in 2010

Automated attacks, cloud computing, regulatory compliance, insider threats and data storage practices top issues for coming year

Sentrigo, Inc., the innovator in database security software, has announced its top data security trends to watch for in 2010.

Exploiting Known Database Vulnerabilities Getting Easier

In the coming year, attacks will become easier to perform, more sophisticated and completely automated. The result will be an increase in random attacks that no longer target a specific company, but instead look for specific vulnerabilities. Toolkits readily available on the Internet allow hackers of all skill levels to penetrate databases using sophisticated attacks. Every quarterly Critical Patch Update (CPU) from Oracle, like many of Microsoft’s Patch Tuesday releases, announces new vulnerabilities that are quickly rolled into these toolkits, enabling immediate attacks that exploit published vulnerabilities.

Data Security Will Continue to be an Obstacle for Cloud Computing, but Solutions Will Begin Arriving

Cloud computing makes it inherently harder to protect data, since the data frequently moves and can be replicated without notification, and the applications that access this data are also highly transient. This will prevent many organizations from moving to a cloud model for applications with compliance requirements where auditable proof is required. Organizations will solve issues of securing data in the cloud using methods that attach data controls to the underlying database and centrally manage the policies and logging, even in a highly dynamic environment.

Pressure to Meet Regulatory Compliance Tied to Economic Conditions

The tension between companies cutting back on spending and increased pressure for regulatory compliance will drive organizations to invest in solutions that help them achieve the bare minimum level of compliance. Businesses will pursue technology that provides adequate protection and low total cost of ownership. Ease of implementation, cost of entry and time-to-compliance are going to be key decision-making criteria. As the economy recovers, leading organizations will begin to view increased security as a differentiator for their offering, and will consider going beyond the regulatory requirements.

A New Type of Threat: External Attacks from the Inside

Generally, companies have viewed attacks as either coming from outside the network perimeter or from internal users abusing privileges. However, the line between internal and external is blurring as a result of several new attack vectors:

  • Organized crime targeting specific companies by inserting “sleepers” to infiltrate the organization as employees or contractors, solely for the purpose of gaining access to sensitive data;
  • New types of malware, easily embedded in relatively innocuous looking sites, that take control of internal machines and attack autonomously from within;
  • As the ramifications of a depressed economy continue to result in increased and longer periods of unemployment, the use of financial means to leverage insiders to assist outsiders via bribes or extortion will become more common.

Solutions that protect data, regardless of the source of the attack, will therefore be an essential component of an organization’s security strategy.

Minimizing the Surface Area of Attack Will Become the Next Wave to Reduce Exposure

Companies will begin aggressively removing sensitive data as soon as possible, much like the wave of email retention policies limiting exposure in eDiscovery.

“Once students have graduated, do you need to keep their payment history? Once a credit card transaction has passed the dispute window do you still need to store the cardholder data?” asks Slavik Markovich, CTO and co-founder of Sentrigo.

Where sensitive data is required by multiple applications, and these applications store data locally, organizations will utilize techniques like tokenization. Instead of storing a credit card number or social security number, they will store a token that can retrieve this information securely when necessary, ensuring that only a single database houses the actual credit card number. By adequately protecting a single source and encrypting data in transit, exposure is significantly reduced.
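The tokenization and data-removal practices described above can be sketched as follows. This is an added example, not Sentrigo's code: the `TokenVault` class, the `payments` caller name and the 120-day dispute window are assumptions made for illustration, and the card number is a constructed test value.

```python
import secrets
import sqlite3
from datetime import date, timedelta

DISPUTE_WINDOW = timedelta(days=120)  # assumed value; the article names no period


class TokenVault:
    """Hypothetical vault: the only database that holds real card numbers."""

    def __init__(self, allowed_callers=("payments",)):
        self.allowed = set(allowed_callers)
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE vault (token TEXT PRIMARY KEY, pan TEXT UNIQUE, last_used TEXT)")

    def tokenize(self, pan, today):
        """Return the card's existing token or mint a random one; refresh last_used."""
        row = self.db.execute("SELECT token FROM vault WHERE pan = ?", (pan,)).fetchone()
        token = row[0] if row else "tok_" + secrets.token_hex(16)
        self.db.execute("INSERT OR REPLACE INTO vault VALUES (?, ?, ?)",
                        (token, pan, today.isoformat()))
        return token

    def detokenize(self, token, caller):
        """Only allow-listed callers may recover the card number behind a token."""
        if caller not in self.allowed:
            raise PermissionError(f"{caller} may not detokenize")
        row = self.db.execute("SELECT pan FROM vault WHERE token = ?", (token,)).fetchone()
        return row[0] if row else None

    def purge(self, today):
        """Delete card numbers whose last use is older than the dispute window."""
        cutoff = (today - DISPUTE_WINDOW).isoformat()
        return self.db.execute("DELETE FROM vault WHERE last_used < ?", (cutoff,)).rowcount


def demo():
    vault = TokenVault()
    pan = "4111111111111111"  # constructed test card number
    # The application database keeps only the token, never the card number.
    order = {"order_id": 1001, "card": vault.tokenize(pan, date(2010, 1, 4))}
    return vault, order


if __name__ == "__main__":
    vault, order = demo()
    print(order)
    print(vault.purge(date(2010, 6, 1)), "expired card number(s) removed")
```

Because tokens are random rather than derived from the card number, a copy of an application database reveals nothing without access to the vault, and purging the vault leaves old tokens unresolvable.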

About Sentrigo
Sentrigo, Inc. is a recognized innovator in database security. The company’s Hedgehog software provides full-visibility database activity monitoring and real-time protection and has been rapidly adopted by Global 2000 companies to defend mission-critical data against insider misuse as well as outsider intrusion. Enterprises across industry sectors are also using Sentrigo Hedgehog to accelerate compliance with regulatory requirements such as PCI DSS, Sarbanes-Oxley and HIPAA. Sentrigo has won wide acclaim for its industry and technology leadership by publications such as Network World and SC Magazine. For additional information and to download Hedgehog, visit http://www.sentrigo.com.

Sentrigo, Sentrigo Hedgehog, Hedgehog Identifier, Hedgehog vPatch and the Sentrigo logo are trademarks of Sentrigo, Inc. All other trademarks are the property of their respective holders.

###

Contact Author

Rachel Kaseroff
MarComm PR
415-824-1110