Database security has come under the spotlight after a
fledgling UK company, Secerno, suggested that databases are wide
open to attack from growing insider threats.
Secerno claims that over 60% of UK employees have access to
computer records and that 41% have access to records that are not
necessary for their job. One in ten employees has been tempted to
abuse this access; and 56% of employees have no restrictions placed
on the information they have privileges to access.
Databases contain organisations’ key assets, especially their
customers’ details. These assets range from research data,
development plans and price lists through to credit card
information, health records and buying habits.
Previously, Secerno says, there was no way of stopping internal
employees with the necessary permissions from accessing a database
and abusing those access rights. But Secerno claims to have
developed a unique appliance that understands the patterns of
normal access to each individual corporate database and adapts to
changing usage patterns.
Secerno says the appliance can be installed in a matter of
minutes and will then learn normal database usage, protecting the
system without complicated user intervention, as well as helping
companies meet their compliance requirements.
There is little doubt that database security is due for a
renewed focus, given its importance within the organisation.
Secerno’s product is intriguing, though its novel approach of
‘learning database usage’ may need to be sold harder. I would
rather be told that a product will categorically protect X, Y and Z
than hear that the software will ‘learn’ my usage. My view is that
‘learn’ is a woolly description; and Secerno should come up with a
harder-hitting alternative.