FREMONT, CA -- (Marketwire) -- 09/15/11 -- Dataguise (http://www.dataguise.com), a leading innovator of data security intelligence solutions, today pointed to a new study of 3,765 publicly disclosed breach incidents resulting in financial losses of more than $156 billion. Published by the Digital Forensics Association, the August 2011 report titled, The Leaking Vault - Six Years of Data Breaches(1), revealed that hacking was responsible for 48 percent of all security breaches making it the "loss leader." To address these security concerns, recommendations indicated in the report include data mapping to understand where all instances of sensitive data reside throughout an organization and the importance of technologies such as data masking to prevent unauthorized disclosure.
In the report, the leading causes of data breaches were examined over a six year period across thousands of reported incidents. As part of the findings, breach vectors were reviewed to determine the areas of highest risk in order to help organizations understand where to spend their limited security budgets. Among the highest area of concern was the inability of organizations to pinpoint where the sensitive data within their organizations was residing. Without knowledge of where this information is located, the proper techniques for securing this data cannot be applied. To monitor such sensitive data, technologies specifically designed to track and monitor must be utilized in order for data security to be realized.
A large percentage of attacks in these environments resulted from the lack of proper policies or technologies to mitigate attacks. As noted in the study, "Over 83 percent of companies use, real (live) customer or employee information in development and testing, and 51 percent of these companies admit they do not take appropriate steps to protect real data." Because development, testing, quality assurance and business analytics are typically outside of the production network and beyond an organization's security perimeter, it is often overlooked. However, this makes sensitive data in these environments an easily achievable target for both insider and outsider attacks. A simple solution to this challenge is the use of data masking to annonymize these repositories in the production environment before releasing outside the network.
Discovering Sensitive Data
Knowing what sensitive information exists in the enterprise, and where the data is located, is an essential requirement for any organization's information security program. Dataguise addresses the challenge of identifying and locating sensitive data with DgDiscover, a component of DgSuite. By finding data repositories deployed in enterprise networks and searching repositories for sensitive data, DgDiscover provides security and compliance professionals with the information they need to implement effective privacy risk remediation and provides managers the timely intelligence they require to manage their risk.
Securing Data Outside of the Network
Leading enterprises today have improved the way they secure their production databases and enterprise applications. Many of these same enterprises, however, are not paying enough attention to how this data is being used for activities such as development, test, QA, support and business analysis. Once data is duplicated from a production source, multiple copies of that data can proliferate throughout the enterprise. Personally Identifiable Information (PII) and other sensitive or proprietary information can be exposed to external users such as outsourced development partners, or viewed by internal users who don't have a "need to know," making this data an attractive target for data compromising malware attacks.
DgMasker, a component of DgSuite, masks sensitive application data sets with a highly scalable, masking-in-place technology that leverages the computing power and features of the database platform. With DgMasker, data administrators quickly define customized masking policies from an extensive library of pre-defined data masking options. DgMasker's exclusive CUPS (Consistent, Unique, Persistent, Synchronous) options allow users to place additional constraints on how the data is masked, enabling them to meet virtually any downstream application requirements. DgMasker supports heterogeneous databases through a single user interface so administrators can define masking policies for applications across databases from Oracle, IBM and Microsoft.
"Technology managers, line-of-business owners, information security professionals and compliance officers need solutions to help them locate, identify, protect and manage the sensitive data in their organizations," said Allan Thompson, EVP, Operations, Dataguise. "Dataguise addresses this challenge with an integrated set of enterprise applications for centrally managing sensitive data privacy without relying on a cocktail of disparate security solutions."
For additional research data and resources on sensitive data discovery and data masking visit:
Tweet this: Research Reveals Increasing Requirements for @Dataguise #SensitiveDataDiscovery and #Masking Solutions - View Report at http://bit.ly/aZuAqL
Follow Dataguise on Twitter at: http://twitter.com/dataguise
Dataguise helps organizations safely leverage their enterprise data with a comprehensive risk-based data protection solution. By automatically locating sensitive data, transparently protecting it with high performance Masking on-Demand, and providing enterprise security intelligence to managers, Dataguise improves data risk management, operational efficiencies and regulatory compliance costs. For more information, call 510-824-1036 or visit www.dataguise.com
(1) The Leaking Vault - Six Years of Data Breaches, The Digital Forensics Association, August 2011: http://www.digitalforensicsassociation.org/storage/The_Leaking_Vault-Five_Years_of_Data_Breaches.pdf