imperva CEO谈数据安全

http://www.itbriefingcenter.com/programs/gartner_imperva.html

Data Security: Key trends, drivers and risks

Trends, Drivers & Risks
1. Risks are largely data-centricand associated with legal & regulatory compliance issues
2. Protecting intellectual property, financial&healthcare information is a high priority


What technologies can organizations use to address these Data Security challenges?

Data Security Challenges
1. Identity and access management(IAM):who are you and what are you allowed to do?
2. Encryption: Taking clear text data and manipulating it through the use of mathematical algorithms
3. Enterprise digital rights management: Takes an IAM framework and builds it around encryption
4. Monitoring: Provides organizations with a detailed understanding of how data is being utilized

What are the potential risks when companies rely solely on native audit logs?

Native Audit Logs
1. Native logging capabilities have significant limitatins
2. Increase in CPU utiliztion & data storage requirements
3. Issues surrounding management of database consoles
4. Limited ability to aggregate & analyze activity across platforms
5. Segregation(分隔) of duties may be problematic  ---Maybe your DBA has the access to logs, and you don't want

that.
6. Increased activity can result in large, unwieldy(庞大的) logs


What are the primary Use Cases for DAM(Database Activity Monitoring) solutions products?

Primary Use Cases
1. Privileged user monitoring: Keeping an eye on database administrators(DBAs) and other privileged system users
2. Fraud(欺诈) detection & Monitoring: Managing users with legitimate credentials who overuse access to data,

maliciously or accidentally


What will be the next cirtical Data Security issues facing the market?

Next Critical Issues
1. Data protection: Operating in silos is not effective; protecting data throughout the lifecycle if vita!
2. Discovery: Cnfidential data must be protected but is offen difficult to locate; understanding where data resides is key
3. Prevention: Database intrusion prevention technologies must be deployed to prevent malicious, accidental activities.


It is not sufficient to protect the database alone, all the associated applicatins need to be secured.

Imperva SecureSphere delivers end-to-end, holistic approach to Application Data Security
  +Web Application FireWall (WAF)
  +Database Activity Monitoring(DAM)
  +Database Security