Terry Ray is the Chief Product Strategist for Imperva, Inc., the leading provider of data security solutions. Terry consults directly with Imperva’s largest global customers on industry best practices, threats, organizational challenges and industry regulations. He also, operates as an executive sponsor to strategic customers who benefit from having a bridge between both company’s executive teams. During his 13 years at Imperva, he has deployed hundreds of data security solutions to meet the requirements of customers and regulators from every industry. Terry is a frequent speaker for RSA, Gartner, ISSA, OWASP, ISACA, IANS, CDM and other professional security and audit organizations in the Americas and abroad. Since 2003, Terry has specifically focused his efforts on data security and risk, working with companies to help them discover and protect sensitive data, and create controls to minimize risk for regulatory governance and best practices. He can be reached at [email protected]
Data Security, Audit and Compliance: Like Mixing Oil and Water / Database Security for Enterprise Security
Data theft occurs every day and that data almost always originates in databases. Why then does IT security have so little control over database security? Why is database security left to DBAs, data owners and business units who have little security expertise? Is security a priority for DBAs and should they be responsible? How do you meet security and compliance needs when it seems
everything you try impacts the database?
Data security starts at having eyes on the data.
If you’re not watching the data, you can’t hope to secure it. This means database monitoring, but most organizations think they can’t monitor databases, because of perceived
database performance impact, the database itself doesn’t support effective
auditing or some other reason.
The reality is that lack of data visibility is the greatest gap in data center security and compliance that currently exists in almost every organization today. Why?
This presentation will describe many of the real and perceived challenges with database security. We will cover the reasons why DBAs may be reluctant to audit and explain why many of those reasons are no longer valid.
Today, security teams are typically responsible for securing data, so there’s no reason why security teams shouldn’t have full visibility and control of database activity to achieve their mission.