POINT OF VIEW
Data breaches can happen to any organisation at any time. High-risk industries are those with strong regulatory boundaries, including healthcare and pharmaceuticals, financial services, utilities, and education. It is almost inevitable that these industries are targeted because of the nature of the data they hold – usually customer or patient data.
As the old proverb goes – knowledge is power.
The impact on customers is seen in the form of their data becoming exposed and sold, and even an increase in the service they receive from the organisation that lost their data. Protecting data is important for a variety of reasons, not just limited to the business costs.
Research into the cost of data breaches in 2022 found that of the 550 organisations interviewed, only 17% reported this was their first breach. If nothing else, this showcases the importance of learning from your first breach and putting the relevant security measures in place to reduce the chances of it happening again.
Figure 1 – Measured in days. Data courtesy of IBM.
Despite the immediate threat and problems that come with losing data (likely customers’ personal data), the time to detect and protect against data breaches is high. IBM found that organisations took 243 days to identify and 84 days to contain breaches depending on the breach source (see below).
Figure 2 – Measured in days. Data courtesy of IBM.
Sources of data breaches range from stolen credentials to remote work risks to ransomware attacks and beyond. Having software to manage and monitor data access and data storage can heavily impact the cost and time related to recovery in the case of a breach.
Data costs. It pays to keep it safe.
Figure 3 – Measured in USD millions. Data courtesy of IBM.
This is where IBM Guardium comes in. Native database security comes as default, but tends to create a zero-trust environment due to a lack of custom configurations and monitoring. Zero trust means no one can be trusted – regardless of their seniority, role, or time at the organisation.
The point of zero-trust is that no matter who you are, you are assumed to be a threat in some capacity due to a lack of security protection and access monitoring. Considering threats can come from all sources, you don’t want to fear your own shadow.
So how can this all be avoided?
What is IBM Guardium? Is it the solution for me?
IBM Guardium is the solution for organisations that face regulatory and compliance issues, store sensitive data, or have faced previous data breaches. Identifying where risks may arise is valuable to businesses; normally you won’t know you’re vulnerable until it is too late.
Brand reputation and customer trust can be jeopardised if data is lost, accompanied by a loss of revenue and staff time spent recovering.
IBM Guardium is a database security product that helps prevent data leaks from databases, data warehouses and big data environments, ensures information integrity, and automates compliance controls in line with defined rules.
IBM Guardium can be configured to discover, classify, analyse, protect, and control access to sensitive data. Properly managing user access to data is important for ensuring that individuals have the minimum necessary access and do not hold too much access without realising it, which reduces the risk of accidental breaches.
Additionally, IBM Guardium assists in the creation of reports, audits, alerts, metrics, and compliance processes. Having this information readily available means organisations can assess their risks and plan accordingly.
So, where does Responsiv come into this?
Responsiv has expertise in database security using a number of products including IBM Guardium, IBM Verify Identity, IBM Verify Privilege, and Randori.
Looking specifically at IBM Guardium, Responsiv has experience in deploying and monitoring Guardium as well as setting up the software in accordance with organisational requirements.
Responsiv will help administer database security policies, configure the software to your requirements, perform vulnerability assessments and set up Guardium to monitor data and file activity, and more.
Responsiv’s Database Security Needs Assessment
Responsiv uses its skills and expertise to understand the business drivers for additional security and how those needs are currently being met, and to identify any gaps or improvements.
We will recommend appropriate mitigations. These may include additional security products if justified, but may instead involve making more effective use of existing infrastructure and security processes.
Responsiv’s IBM Guardium Health Check
Responsiv’s IBM Guardium Health Check comprises a full evaluation of a current installation of the product suite and its sub-components.
These health checks can be customised to customer needs, whether you are looking to migrate away from another product to IBM Guardium, or require an evaluation of your database estate to understand your business case.
How does it work?
Here is a brief overview of how Responsiv conducts its IBM Guardium health checks:
- Review existing documentation used for database monitoring, on-boarding, access controls, upgrading and alerting for Guardium
By doing this, we can understand how you set up and use your database monitoring software and how you allocate permissions. This will be a benchmark for your organisation’s practices and provide an idea on implementing best practices.
- Assess the version and release levels of Guardium appliances and monitoring agents, and make recommendations for patching and tuning where required
Assessing software versions will highlight any compromises from the use of EOL or EOS software – you can read more about the risks associated here.
- Review security policies to ensure that the Guardium Collector appliances are optimally configured
Reviewing security policies will help in understanding if Guardium (or other software) is configured in line with organisational policy. If not, this will be highlighted as a point for action.
- Review system alerts, capacity, CPU, and memory buffer utilisation
How are you utilising the functionality available to you? Can it be optimised in any way to improve the system?
- Check scheduled jobs are functioning correctly
When you have got scheduled jobs, are they working the way they were intended to, or is the configuration off? How can this be optimised?
- Review security alerts
Are security alerts set optimally, and do they correctly inform users of the issue?
- Check throughput of the volume of monitored traffic and make recommendations where necessary for expansion when new database monitoring is required
Is the software running optimally in line with the volume of traffic or is there a requirement for increased capacity for spate conditions?
- Produce a report documenting our findings and recommendations
This report will include all the findings and recommendations that come from the health check. It will highlight any potential compromises, as well as ways to improve configurations in line with business requirements.
If the purpose of the health check was to create a business case for implementing IBM Guardium, the report will outline the pros and cons of moving away from your existing database security provider.
No one is immune to data breaches. Threats can come from any vector, including in-house or through partners and supply chains.
Taking steps to optimise your data security will always be valuable. Understanding and managing access to your data is crucial to monitoring threats, and it improves the rate at which you identify where and when breaches occur.
IBM Guardium does this for you.
To find out how to optimise your data security with IBM Guardium, get in touch today!