Computerworld - As an organization that is mandated by law to comply with data privacy and security regulations, The Henssler Financial Group has implemented all of the usual technologies, such as firewalls and intrusion-detection systems, to protect its perimeters and networks.
About two years ago, the Marietta, Ga.-based company decided to augment its security measures by deploying a data-auditing tool from Acton, Mass.-based Lumigent Technologies Inc. behind its firewalls.
Lumigent's Entegra product allows Henssler to monitor data access, changes and views, and modifications to its SQL Server database structure.
The tool is crucial to ensuring the integrity of the company's stored content, says Chief Technology Officer Tim O'Pry.
"As a financial services company, if someone does something they are not supposed to, we need to know that," O'Pry says. An auditing tool such as Entegra allows Henssler to detect all database-related activity "regardless of what someone might do" to conceal that, he says.
Increasing concerns over data loss and compromise are pushing companies such as Henssler to consider measures for securing hitherto unprotected data lying in storage networks and databases. The trend marks a shift from the traditional approach of deploying purely network- and perimeter-oriented defenses.
Driving the trend are privacy regulations that require companies to demonstrate due diligence when it comes to protecting data, such as the Health Insurance Portability and Accountability Act (HIPAA) and California's SB 1386 database-breach notification law.
A less-stated yet equally important reason for the increased focus on data protection is that traditional network perimeters have begun to fade away. As companies use the Internet to link up with partners, suppliers and customers, the notion of a clearly definable network edge has fallen by the wayside. The trend is prompting greater scrutiny of technologies for protecting stored data.
Image Credit: Gina Triplett
Also fueling concerns are incidents such as the recent string of high-profile security breaches at ChoicePoint Inc., Bank of America Corp. and LexisNexis, each of which resulted in the compromise of large volumes of confidential data.
"There are massive piles of sensitive data in storage networks and databases that have gone largely unprotected," says Richard Moulds, a director at nCipher Corp., a vendor of encryption products in Cambridge, England.
Companies have myriad ways to try to protect such data, including measures for access control, activity monitoring and auditing, as well as encryption of sensitive information, says Richard Mogull, an analyst at Stamford, Conn.-based Gartner Inc.
Prat Moghe, president of Tizor Systems Inc., agrees. "In terms of security technologies, there are many different approaches to this problem," says Moghe, whose Maynard, Mass.-based start-up offers a data-access auditing tool similar to Lumigent's.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
