While run-of-the-mill hackers and spammers tend to attack desktop computers, serious information thieves are more interested in cracking databases where crucial company and personal information is stored. While database vendors keep adding security features, there continues to be a market for third-part products that monitor and repel attacks on databases. Security vendor nCipher plc next week plans to add support for more databases to its security product.
The vendor's SecureDB product, which can protect Oracle databases, will add support for IBM's DB2 and Microsoft's SQL Server databases. SecureDB includes software and a hardware device that sits next to a database server or on the network and watches for intrusions and attacks.
SecureDB helps security administrators determine which information stored in a database should be encrypted and which can be left unencrypted, enforces company security policies, and provides analysis tools to better manage security. The system uses hardware encryption keys so the data is protected even if the database server is stolen or copied, the company says. The system also lets administrators set access rights to control which employees are able to access information in the database.
Encrypting information in a database is becoming a requirement for many businesses, and more will follow that approach as companies are sued over data theft and unauthorized disclosures of information, one industry analyst says. Gartner analyst Eric Ouellet says the new product from nCipher gives administrators greater control over what data is to be encrypted and improves security by separating the encryption keys from the database. "NCipher lets customers offload the encryption key with the module, so an attacker can't get to it as readily as he could a software-only encryption key."