Data Security Beyond Regulatory Compliance - Protecting Sensitive Data in a Distributed Environment

Ulf T. Mattsson

Protegrity Corp.

January 11, 2007

Sending sensitive information over the Internet or within your corporate network as clear text defeats the point of encrypting the text in the database to provide data privacy. The sooner the encryption of data occurs, the more secure the environment. An enterprise-level Data Security Management solution can provide the key management needed to solve this problem. A combination of application firewalls plus data access monitoring and logging, even if effectively applied, cannot provide reasonable equivalency for the use of data encryption across the enterprise, since such a combination of controls has multiple weak spots when it comes to preventing damage from careless employee behavior or weak procedures in development and separation of duties. Some regulations require that Web-facing applications be guarded against attacks that can have serious consequences. There are no guarantees that any one approach will be able to deal with new and innovative intrusions in increasingly complex technical and business environments. However, an integrated security program that is continuously audited and monitored provides the multiple layers of protection needed to maximize protection, as well as historical information to support management decision-making and future policy decisions.

This solution will protect data at rest, and also while it is moving between the applications and the database and between different applications and data stores. Stronger database security policies and procedures must be in place to accommodate the new environment. Centralized database management security must be considered to reduce cost. Point or manual solutions are hard to manage as the environment continues to grow and become more complex. A centralized data security management environment must be considered as a solution to increase efficiency, reduce implementation complexity, and in turn reduce cost.

Number of Pages in PDF File: 21

Keywords: Encryption, Data Security, Compliance, PCI, GLBA

JEL Classification: C88


Date posted: March 27, 2007  

Suggested Citation

Mattsson, Ulf T., Data Security Beyond Regulatory Compliance - Protecting Sensitive Data in a Distributed Environment (January 11, 2007). Available at SSRN: https://ssrn.com/abstract=960623 or http://dx.doi.org/10.2139/ssrn.960623

Contact Information

Ulf T. Mattsson (Contact Author)
Protegrity Corp.
One Canterbury Green
Stamford, CT 06901
United States
HOME PAGE: http://www.ulfmattsson.com
