Light Dark
February 2, 2016 By Lynne Murray 2 min read
Data Protection

I’m pleased to post this article on behalf of Stacey Gregerson, data security engineer at Westfield Group.

Those of us in data security and database management are entrusted with extremely valuable assets: our organization’s data. We work in a world in which we continually assess and manage risk. We must be constantly vigilant against attacks from the inside and out.

I’ve been doing this work for 20 years, and I am in constant communication with my data security peers. I was one of the early adopters of IBM Security Guardium, and it has been an extremely valuable tool to achieve a higher level of data security.

With my experience and my talks to many other organizations that are initiating new data security programs using Guardium, I think I have a good feel for the practices that can help organizations succeed. All of us have been in the same boat — Guardium beginners — and to be honest, getting started with any new security tool is not easy.

Three Stages of Data Security

Not surprisingly, I’ve discovered that some organizations that bite off more than they can chew run into problems that can affect the success of the project. I know because I did the same thing with my first deployment. Since then, I have learned that a data security strategy should be handled in three stages: crawl, walk and run.

1. Crawl

First, crawl by collecting basic monitoring information that will satisfy initial audit requirements for the most high-priority databases. This is easily done using the default security policy with perhaps a few modifications.

2. Walk

Next, you walk by adding such things as privileged user monitoring and reporting. You can build advanced monitoring that is project- and database-specific.

3. Run

Finally, you can run. That may include using features such as data classification, blocking use of the S-GATE functionality or making the whole environment more efficient by leveraging workflow capabilities.

Learn More at InterConnect 2016

Setting priorities and realistic goals is critical to the ongoing success of any data security project. In my session at IBM InterConnect 2016, I will share examples of specific things to add to your communication checklist when working with other groups, from audit reporting requirements to showing database administrators (DBAs) how database activity insights can help them improve performance. It’s also critical to show value right away, and I’ll have examples of how you can demonstrate to management and other groups instantaneous value for the investment.

Join me on Tuesday, Feb. 23, at 8:30 a.m. in the Mandalay Bay South Lagoon B in Las Vegas for “Three Guardium Deployments: Westfield Group Shares Lessons Learned.”

 |  |  |  | 
Lynne Murray
WW Program Director, IBM Security for Guardium

More from Data Protection
January 27, 2025

How secure are green data centers? Consider these 5 trends

4 min read - As organizations increasingly measure environmental impact towards their sustainability goals, many are focusing on their data centers.KPMG found that the majority of the top 100 companies measure and report on their sustainability efforts. Because data centers consume a large amount of energy, Gartner predicts that by 2027, three in four organizations will have implemented a data center sustainability program, which often includes implementing a green data center.“Responsibilities for sustainability are increasingly being passed down from CIOs to infrastructure and operations…

January 21, 2025

Why maintaining data cleanliness is essential to cybersecurity

3 min read - Data, in all its shapes and forms, is one of the most critical assets a business possesses. Not only does it provide organizations with critical information regarding their systems and processes, but it also fuels growth and enables better decision-making on all levels.However, like any other piece of company equipment, data can degrade over time and become less valuable if organizations aren’t careful. What’s even more dangerous is that neglecting data hygiene can expose organizations to a number of security…

January 3, 2025

Router reality check: 86% of default passwords have never been changed

4 min read - Misconfigurations remain a popular compromise point — and routers are leading the way.According to recent survey data, 86% of respondents have never changed their router admin password, and 52% have never adjusted any factory settings. This puts attackers in the perfect position to compromise enterprise networks. Why put the time and effort into creating phishing emails and stealing staff data when supposedly secure devices can be accessed using "admin" and "password" as credentials?It's time for a router reality check.Rising router risksRouters…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature