RSS Archive Contact Us Advertise

IT Management Begins With Security
SecurityProNews > News > Security News > NCipher Enhances Databae Encryption Solution
Search:
[ news_security_news ]

NCipher Enhances Databae Encryption Solution



SecurityProNews
Staff Writer
2005-04-04

SecurityProNews: News RSS Feed Security News RSS Feed


nCipher announced that its next-generation database security solution, SecureDB, now provides support for IBM DB2 and Microsoft SQL Server in addition to its previously announced support for Oracle.

SecureDB is a highly sophisticated, easy-to-deploy database security solution that protects sensitive "data-at-rest" within multi-vendor database environments.

Recent moves by state and federal governments toward regulating how companies handle consumer information and a number of high-profile security breaches involving sensitive data highlight the need for enterprises to impose more stringent security on credit card numbers, social security numbers, intellectual property and other sensitive information that resides in corporate databases.

In a recent report by research firm Gartner Inc., Research Director Rich Mogull addresses the need for enterprises to protect sensitive data and the risk and cost for those that fail to do so.

"By 2005, enterprises that do not encrypt stored, sensitive data will spend 50 percent more than enterprises that take this step, because of failure to comply with regulatory or contractual data protection requirements (0.7 probability)." The report continues, "By year-end 2006, failure to encrypt credit card numbers stored in a database will be considered legal negligence in civil cases of unauthorized disclosures (0.8 probability)."(1)

Encryption is widely accepted as the ideal solution for protecting data-at-rest as it provides fail-safe protection unlike other access controls. However, to date it has not been widely deployed due to the complexity of custom integration work, variance in different database platforms and the performance impact of encrypting the entire contents of the database. Whereas lower level encryption techniques, such as waiting until data is physically stored, protect against theft of the storage media itself they fail to address the threats posed by illegitimate actions of authorized internal users.

SecureDB enables users to encrypt just the sensitive information in a company's database leaving non-sensitive information unencrypted. It includes a unique policy enforcement application and database analysis tool designed to streamline deployment and to selectively apply this additional and important layer of security in the most efficient manner. SecureDB's column level approach minimizes the performance impact of encryption at this high profile point of attack as well as provides protection for the data as it is communicated and handled below the database level such that even if the storage infrastructure is breached, or if the storage media is stolen, unauthorized people will still not be able to access sensitive information.

Furthermore SecureDB provides for a separation of duties designed to eliminate the "super-user" threat by dividing authority between security and access. For example, the database administrator may grant access to data but cannot grant rights to decrypt sensitive data. A security officer, on the other hand, may grant rights to decrypt sensitive data but cannot grant access to data. Now with the ability to support multi-vendor database environments, which is common in many large organizations, this new security officer role can be applied uniformly and independently of the various database infrastructures and their respective operational and administrative staff.

"As perimeter security breaches become increasingly common it is clear that encryption will become a ubiquitous underlying technology for a comprehensive security infrastructure. Encryption will be to security as IP is to networking," said Jeff Montgomery, product manager for data encryption at nCipher. "nCipher is leading the way to the era of the encrypted enterprise with practical security solutions that enable organizations to efficiently protect their networks and comply with present and future security regulations. SecureDB is the first proof point of Cipher's commitment to providing a solutions-based approach to enterprise encryption."


About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.

More news_security_news Articles

SecurityProNews: News RSS Feed Security News RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - 1998-2009 All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds