Database Activity Monitoring is a key process in the data protection suite of activities. Because databases are the primary place where data is stored, database activity monitoring and additional services such as database firewalls and virtual patching of vulnerabilities are key to the process of data protection.
The importance of this protection became visible after the recent acquisitions of Guardium by IBM and Sentrigo by McAfee. There are a number of other service providers in the Database Activity Monitoring business.
Before deciding on a product for your database activity monitoring, you need to look into some of the following factors:
- Consider this as part of the data protection program. Develop short-, mid- and long-term objectives for database security as well as data security. Map your objectives to the system features offered by the vendor. Also assess the vendor's roadmap for future product enhancements.
- Understand the offering and decide whether to choose an agent-based or agentless solution. An agent-based solution is better if users establish local connections directly at the server.
- This should be part of your overall security monitoring program and should not work in isolation. If it is not part of the overall security monitoring program, it is highly likely that what gets implemented is a product and not a solution.
According to Gartner, the four emerging approaches towards Database Activity Monitoring (DAM) are:
- Data/Information Governance
- Enterprise data security
- Enterprise Security monitoring
- Database Security Management
I would see database monitoring in the context of all four of the above and would recommend assessing the solution at least within these four approaches. Unless an organization has built an information governance structure that includes the first three approaches listed above, database activity monitoring and database security would remain a stand-alone process. Just like any stand-alone process, its chances of failing would be high compared with an integrated approach to database security.
When discussing the importance of database activity monitoring, the regulatory requirements are to be considered as well. Key regulations and standards that would require database monitoring to be implemented include PCI DSS, HIPAA and SOX. In addition, anti-corruption laws and data breach notification requirements also require database security and monitoring. These regulations are some of the compelling drivers for implementing database activity monitoring.