In contrast, setting policy across disparate IT elements is far more complex. What policy do we need to protect our sensitive data across the web application, the database, packaged, apps, and so on?
Holy moly - a committee of twelve could work on that for weeks and not get anywhere. And even if they did - would you really be better off?
If you got lucky and picked the right attack vectors across the several thousand possibilities - maybe.
Databases ultimately house the crown jewels at most organizations.
The millions of conduits to this data are merely the means to an end of lost data or grounds for a failed audit.
While protecting these conduits (which is essentially what security professionals have tried to do over the past 10 years) may necessary, it's certainly not sufficient - witness the many data breaches and failed audits.
Extending our control framework to where our data lives is certainly at least part of the solution because the conduit becomes irrelevant. As such, basic scanning and monitoring directly at the database level is arguably the quickest bang for the buck right now for security and compliance pros.
Application Security, Inc. provides database security solutions for the enterprise and was named to Inc. Magazine's 2007 list of America's Fastest Growing Private Companies (Inc. 500). Its products proactively secure databases and delivers up-to-date database protection that minimizes risk for companies.
