Well, good morning, good afternoon, or maybe even good evening, ladies and gentlemen, depending on where in the world you're currently located. Welcome to another KuppingerCole webinar. My name is Alexei Balaganski. I'm a lead analyst at KuppingerCole and I am joined today by desire.
I'm Goli, the offering manager of IBM Security. The topic for today is database security: protecting your company's core competence in the age of digital transformation. And the webinar is supported by IBM. Before we begin, just a few words about KuppingerCole. We are an independent analyst company founded around 13 years ago.
We are headquartered in Wiesbaden in Germany, but we have a global reach with a team spread across the whole world, from the US to the UK, continental Europe, Southeast Asia, up to Australia. We offer neutral advice, expertise, and thought leadership on multiple topics, including information security, identity and access management, risk management, and compliance, and basically everything concerning the digital transformation.
What we do is we offer three major areas of service, including research: various types of product- and vendor-related publications, ranging from the kind of short and concise recommendations and product reviews up to multiple-vendor comparisons across different market segments. And by the way, we are going to discuss one of those, a Leadership Compass, as we call it, today. The second area is organizing events, ranging from large conferences, including our flagship one with over 700 participants, the European Identity & Cloud Conference, which we usually have in Munich in May each year.
And of course going all the way down to webinars like this one today. And the third one, the third area of our expertise, is advisory: basically working with specific companies, both vendors and end users, helping them with their transformation, the digital automation. Speaking of events, you just missed our recent event, the Consumer Identity World in Seattle.
That was our first US-based event and a pretty successful one. See you next year in Seattle, I guess, or see you in Paris, in just about two months.
And in December, see you in Singapore. We also have other events planned for next year on various topics, from digital marketing to finance, and again, in May, we have our European Identity & Cloud Conference. Okay. Some guidelines for the webinar. You are all muted centrally, so you don't have to worry about your microphone. We are recording this webinar and we will publish it as a webcast, as usual, tomorrow. We will notify each registrant when the webinar recording will be available. You are encouraged to ask your questions as we will be presenting.
So you can use the questions panel on the GoToWebinar control bar in the bottom right corner of your screen. We will be reading them aloud and, of course, answering them at the end of the webinar.
And this is our agenda for today. Traditionally, we have a three-part agenda.
First I, as an analyst, will be talking about the security challenges for databases in the age of digital transformation and actually about the very definition of the database rapidly changing. And as I promised, I will present some results from our recent Leadership Compass on database security solutions. Then I will hand over Togo who will be talking in more detail about security best practices for databases, not just in the cloud, but basically everywhere within your heterogeneous IT infrastructure. And she will give a presentation of the IBM Security Guardium solution.
And in the end, we are going to have a Q&A session. And let me begin with a question, a rhetorical question, of course: how many people hearing about database security think, "Oh, wow, this is so boring. It's about as fresh and relevant as talking about firewalls," right?
Well, this cannot be further from the truth. Database security is indeed a very mature and long-established segment of information security, but with all the ongoing changes in the market, in the whole society, in the way modern enterprises are working, it's quickly coming back to the frontier of information security again, and this is exactly what we are going to talk about today. So on this slide, I have collected just a few interesting statistics. So according to a very nice website called Breach Level Index, 5 million records are stolen in data breaches every day.
This is about 60 records per second, as we speak. Of course, as you know, the number of breaches in all critical verticals like healthcare, financial institutions and government offices is increasing. And about 90% of those breaches include some kind of sensitive information, be it personally identifiable information of your customers or financial records,
healthcare and so on, you name it. And only 4% of those breaches, a tiny minority, can be named safe; that is, the data that was stolen could never be used by hackers because it was somehow protected, for example, encrypted.
And of course you all heard about the Equifax breach recently. This is not the biggest breach by numbers.
Only 143 million users in the US were affected. But with all the repercussions afterwards, this is probably going to be the biggest information security related event of 2017. And some experts already say it will have major influence on future government regulations in the US, comparable to the GDPR in the European Union.
And you know, every time different vendors are talking about data breaches, they would give you various statistics like, you know, so-and-so many percent of breaches were caused by misused privileged accounts, or so-and-so many percent of breaches affected point-of-sale terminals, and so on and so forth.
However, they all forget to mention the most important statistic: really, a hundred percent of breaches targeted your data. Doesn't matter how your company is breached. The hackers are always coming after your data. And whether you like it or not,
the vast majority of business-critical data is still stored in databases. Databases are arguably still the most widespread technology for storing business data, be it financial, healthcare, industrial, any kind of data, and this most corporate data must be protected against compromises of integrity and confidentiality from a huge number of different attack vectors. And most importantly, databases come in various flavors, which we are going to be talking about a little bit later, and all of those types of databases have their own security models, requirements, vulnerabilities, and so on.
And this follows: database risks, or rather data risks, are covering the whole range of the IT technology stack, from, you know, physical access to the actual server hardware, up the stack, you know, network, identities, applications, APIs, malware, cloud. On this slide, I won't read all these risks aloud, but you can definitely see that there are a lot.
I mean, the possible attack surface for data stored in a database is huge. And it has to be covered with a lot of different solutions. Most of them are, of course, not tied specifically to a particular type of database; the whole database security permeates a few other areas of information security: network, cloud, identity and access management and so on. So when we are talking about database security, we are thinking about lots of various interrelated, but very different technologies.
On this screen, you can see that even trying to list all the different technologies which are, to a certain extent, used in data protection takes the whole slide, just names. And by far, I have not tried to list all possible attack vectors, but you can see that database security can be structured into several major areas: actually protecting the data stored in the database, protecting the actual database software itself, protecting the access to those data, maintaining the constant overview of what's going on with the data, all this, and compliance.
And of course, infrastructure security, although not directly related to databases alone, plays a huge role, be it, as I mentioned, physical security or protecting your network, or just, don't get me started on the whole topic of cloud. You have a lot of specialized webinars covering that topic alone. It's so complicated. And finally, database security has to be plugged into the whole multilayer security infrastructure of any corporation, which is usually powered by the security operations center, which is listed in the top, sorry, in the bottom right corner of the slide.
So here database security alone is complicated, but it has to be plugged into the corporate-wide security architecture, has to be governed by corporate policies and has to seamlessly integrate with such important areas like security intelligence and, of course, incident response.
So when we are talking about databases today, we have to understand that we are no longer talking about Oracle or DB2 or any kind of relational database. The data your company has, spread across the whole modern infrastructure, can be everywhere.
On this screen, you can see a rough diagram of just a subset of possible interactions between typical IT systems you may have in your organization, be they located on premises or in some kind of industrial manufacturing environment or in the cloud, be it private or public cloud infrastructure, or just somewhere outside on the internet, or kind of moving around with your mobile workforce, into your partners' infrastructures, and even reaching out to your customers and your connected devices and wearables and mobile devices, and so on. Databases can be found everywhere.
So when we are talking about databases now, we are actually talking about, so, I mean, I have put "base" in brackets in the title because we really should no longer say database security, but just talk about data security in general, because as you can see, the scope of data security is shifting and it's expanding dramatically, because nowadays, when you are talking about database protection, you are no longer talking about your Oracle database or SAP or MySQL powering your website.
You're talking about NoSQL solutions.
We're talking about data warehouses where all the data collected from industrial IoT, for example, or your manufacturing networks is flowing into. You're talking about big data analytics solutions, which themselves have a very loosely coupled and complicated internal infrastructure with lots of different interfaces and protocols and layers to cover and to protect. And of course we are talking about migration into the cloud.
Not only do you have a massive challenge of shared data responsibility as soon as you start migrating your applications and your data to the cloud, there are a lot of new technologies to learn. There are a lot of attack vectors to think about, starting with the potential insider problem, expanding towards the rogue engineers working, say, at AWS or Microsoft Azure or any other cloud provider. And of course, having a very limited access to the actual underlying cloud infrastructure limits your options in protecting data a lot.
And of course you don't have to forget about other applications. You may still have a mainframe somewhere in the cellar. You still have to think about file stores like SharePoint, for example, or Dropbox or whatever. You have to think about legacy and modern applications. And really, you can never plan for sure for the future, because you never know what new technologies, you never know what new applications or databases will appear tomorrow.
So how do you actually address all this complexity? Yes.
We have talked in one of our previous webinars, and actually we have talked a lot previously, about this new, exciting concept of data-centric security, which is basically: instead of protecting your infrastructure, you focus on protecting your data, or rather, your data should be able to protect itself. In theory, sounds great. I really encourage you to watch a few of our previous webcasts on this topic. Sorry, but we are not there yet.
Only the so-called smart data is able to protect itself from bio attacks, but with all that multitude of different data types and stores and warehouses we have currently, most of them are still pretty dumb. So you still have to think about a huge and very technologically different IT landscape you have to protect.
So yes, data-centric security is the future, but we are not there yet. So how do we actually find the right tools for protecting all this zoo of technologies? Pardon?
Well, this is where our KuppingerCole Leadership Compass comes in. A Leadership Compass is a multi-vendor report comparing different products from a particular IT market segment and identifying the leaders, technically, according to various criteria.
So in a way, you can compare it to a very popular square, I should say, diagram from a company which should not be named here today, but of course, Leadership Compass provides a few more axes to rate products along. So you have more than two criteria to compare apples to oranges, so to say. And on this slide, you see the major criteria we used to distinguish the better products from not so good ones.
So we rate our vendors participating in this rating by their market position or financial strength,
so to say, the size of the ecosystem, just how many partners and technological integrations they have, and how efficient they are in delivering new, innovative technologies within their products. We rate the products themselves by their functionality, of course, their level of security, or rather security by design, built into the solutions, the way they integrate with other solutions from the same vendor, and by the way they interoperate with third-party solutions, that is, how efficiently they are supporting various industry standards. And of course, how easy they are to use, their usability.
In addition to that, for every Leadership Compass, we have up to eight key functional areas, which we use to compare the products' functionality. Specifically for database security, we have identified these eight functional areas, which are listed on the slide.
Again, I will not read them all aloud, but basically they cover all the attack vectors specific for, let's say, data stores, not just relational databases, but all types of data stores, regardless of whether they are located on premises or in the cloud or somewhere else. And of course, last but not least, we judge how well these solutions integrate into the bigger picture, into the holistic or integrated corporate security infrastructure, and how they can minimize the performance overhead of the solution.
So security is great, but if it hinders your productivity, not just your users will hate it, but your business will just grind to a halt. And of course, leading database security solutions have to actively implement features against it.
And I will not go into many details about the Leadership Compass. You can contact either KuppingerCole or IBM for that matter, if you are curious about specific details about each product. Our customers, of course, have access to all of our research on our website directly, and if you are already in contact with IBM, they have a license from us to distribute this report as well. So I will only talk a bit about vendors we had in the rating and how they are positioned.
So the first diagram is market leadership. On this screen, you can see which vendors have a bigger footprint on the market globally. And of course you can expect, you know, the usual suspects. With such a huge topic, with such a broad functional scope, to ensure presence covering all these different aspects of database security,
the company has to be big; they have to have a very strong global presence directly or through their partnership networks.
And of course you can see that Oracle and IBM are at the forefront, and a bunch of other large, financially sound vendors like SSO Gemalto and McAfee are among the leaders, and the rest are bigger or smaller companies that are trailing behind. The next area is product leadership; this is where we basically judge how well the product is implementing the promised functionality.
And again, with such a broad functional scope, the company has to have a lot of resources, manpower, experts, innovation teams driving the development.
And again, IBM and Oracle are in the lead and other companies can only hope to catch up with them.
And you can see that we have a very close race for the first and second place. Innovation, however, is a slightly different beast because even the small company focusing on a very narrow functional segment, but doing it really well and supporting, for example, the latest technological standards or delivering some really new and disruptive technology can become a leader.
Unfortunately, again, we have all the usual suspects in the lead, but a couple of smaller companies, like for example, HexaTier, have almost made it into the leadership segment, although they have a very tiny team with a pretty focused solution, which is great. And this is, I believe, one of the aspects which a potential reader of our Leadership Compass should have a look into, because such a small vendor, but with a really innovative solution, can fulfill your expectations in a particular, let's say, pain point quickly and reliably.
And who knows maybe just for a very small price.
However, when you combine all three axes into the overall leadership graph, you can again see that our race has a very close photo finish, so to say, and yet the solution from IBM, the product you are going to hear about just in a few minutes, the IBM Security Guardium, is taking the lead. I won't go into a lot of details on that, but basically IBM has better support for, you know, kind of vendor-neutral databases. So they basically have a substantially broader support of databases. Oracle is great supporting Oracle.
And if you are heavily investing in that, you'll have great results with them. But if you have to deal with a very kind of broad view of different database technologies, well, have a look at Guardium; you'll definitely find something in there.
And basically this is about my part of the presentation. Just a few key takeaways on the last slide. Database security doesn't get enough attention yet, but that will change soon. Again,
database security is definitely not as boring as firewalls or some other boring old-school technology because, you know, the whole digital transformation brings lots of sensitive data into the digital form, into the cloud, into the IoT, big data, into various types of heterogeneous environments. So basically you have to deal with much larger complexity and you have to invest much more effort into protecting your data.
So especially if you take into consideration the upcoming regulations like GDPR or PSD2, or, I'm pretty sure, the USA will follow with similar regulations after this Equifax breach sooner or later. So not protecting your database is quickly becoming much more costly. And the second point to take is that database security is much more broad and complex than people may expect.
And although alternative approaches like data-centric security are probably the future, but we are not there yet.
You still have to deal with the dramatically complicated infrastructures to protect, and you really have to think hard about finding the right solution. Although the market has lots of solutions to offer, ranging from small startups focusing on some innovative technology plugging a single pain point up to huge global market leaders offering you a one-stop solution for all your data security problems, you have to decide. You know this management triangle paradox: if you have to choose between good, fast, cheap, you can only take two. So this is basically it.
This is my part of the presentation. I would like to hand Togo who will be talking in more details about IBM's solution to this whole database security problem.
Wonderful, Alexei, thank you so much. And I am so excited to be here today to talk to everybody about Guardium. And so those last few charts that Alexei was presenting, wherever you saw IBM in that leadership spot on a variety of his slides, on all of his slides, you should be thinking about IBM Guardium, because that's really the cornerstone product IBM has around data protection.
So first I have a question for everyone out there, are you doing enough to protect your data that runs your business? So Alexei presented some incredible numbers around how many records are compromised every single day. And so much of this data resides in databases. So when you think about data being stolen, you think about all the common things, right? Credit card information, maybe it's healthcare records, maybe it's passport numbers. Maybe it's a social security number and you're right.
That data is frequently targeted, but did you know that 70% of a company's value lies in its intellectual property? So it's the data we all assume it is, like credit card numbers, healthcare records, but it's also so much more. It's your product designs. It's your marketing strategy. It's your business cases. It's your financial plans. It's your research studies. All of the hard work your company invests in. Much of this information is stored in databases or file systems.
And historically organizations have tried to protect the data only from the outside using firewalls or antivirus software. Think of this, like putting a gate around your property or a lock on your front door, but in today's threat landscape in the world of zero trust, that's just not enough anymore. You need security on the outside, but you also need it on the inside all the way down to where the data resides. And unfortunately, many security solutions just don't go down to this level or they leave security to the database vendor, which can be potentially very, very dangerous.
So why do most security solutions that claim to protect data really focus on the network or on the outside, and they leave the inside less protected? Frankly, it's because data's challenging to secure. Data's dynamic. It's always growing. It's always changing. It's always moving inside and outside of your organization. Data's in demand. Everybody wants it, whether it's finance, marketing, sales, support, customer service, to your own customers that want access to all of their historical data. And with the growth of mobile and cloud, everyone not only wants access to it,
they expect access to it at the touch of a button. Data's distributed. It's here, it's there, it's on the cloud, it's on-prem, it's everywhere. And frankly, it's likely in places that you don't even realize that it's at.
So for a complete data protection solution to overcome these challenges, it really needs to have three key characteristics. It has to have mature, proven, analytical tooling.
It must be able to analyze your environments to automatically discover data sources, analyze those data sources to discover the critical, sensitive, and regulated data, and analyze all of the monitoring and activity and intelligently and automatically uncover risks and suspicious behavior. It must be able to protect. This includes monitoring all activity, especially privileged users, with your most critical, sensitive data. And that includes monitoring both network activity as well as local activity. And of course it means encrypting your data. And finally, it must be able to adapt.
Our environments are always changing and expanding, especially now, as we expand to cloud. Our IT landscapes are on a journey and that journey requires agility and a data security solution that can support hybrid environments and seamlessly adapt to these changes in your IT landscape.
So along with the strong solution that has the key characteristics of analyzing, protecting, and adapting, you need these capabilities side by side with a data centric approach or methodology for security. This is true for cloud security. And it's true for on-prem security.
This methodology starts with discover you can't protect what you do not know. You need to find your data, especially your sensitive data. That means automatically discovering data sources that you may not have realized existed. It means classifying the data in those databases to understand where you have sensitive, regulated and high risk data. It seems like an obvious place to start, right? But I'll tell you that most organizations don't start there.
They start with monitoring and protecting. That's usually because they have some sort of an immediate acute need triggered by either a failed audit or a breach. And that's okay. Your solution should be flexible enough to start where you need to start and grow from there.
But to have complete data protection, you either need to start from or go back to doing that due diligence around discovery, and discovery is not a day-one-and-done thing. Remember, our environments are always changing. Data's always changing.
Discovery needs to become a consistent part of your data security approach or methodology. Next, you need to harden those data sources and the data. For the data sources, that means understanding what vulnerabilities exist and who has access to it, based on entitlement reports. You need to harden the data by creating policies for your data around who should be able to access your data, and when that access needs to be blocked, quarantined or possibly allowed, but make sure that the data's masked before you give that person access. That last part is super important.
You know, the business needs to keep running and security needs to move at that speed. Over-blocking access can slow down valid needs for data and stop the business from running. Masking based on policies,
and that level of flexibility, is an excellent way to keep the business moving while also making sure you're protecting your critical data. Next you need to monitor. And some people may think, you know, "But my database has logs. We can just monitor using those logs in our SIEM."
And this is where security that comes from your databases falls dangerously short. Your privileged users, such as your DBAs, have access to those logs and updating them as they see fit. So if you are not monitoring your privileged users, how will you be able to prove to auditors that these users are not jeopardizing the integrity of your data? And last, you need to protect. This means proactively stopping threats before they cause damage. And this is where, again, blocking, quarantining, masking comes in. But while monitoring and taking protective and proactive actions is a must,
the secret sauce is really in the threat analytics. Monitoring and protection must be paired with mature, proven threat analytics that covers all of your data sources. Threat analytics allows you to easily understand what activities are normal everyday business, and which ones are suspect or anomalies. These are the things that we as humans can't possibly uncover at a large scale, but with machine learning and analytics, your data solution can do it for you.
So now let's talk about Guardium specifically. Guardium's a powerful, full solution.
It's been around over a decade, and it optimizes on those key characteristics of analyzing, protecting, and adapting throughout everything it does. It also has a full breadth of capabilities for a data-centric approach to data security. So on the left-hand side of this slide, you'll see highlights of Guardium's capabilities, from discovering your data sources to discovering, we also call it classifying, your sensitive data. By the way, we also have out-of-the-box accelerators for key regulations like GDPR that can help you find that sensitive, regulated data much faster and more accurately.
We have the ability to harden with policies and vulnerability assessment. And a note on our vulnerability assessment: you know, this is a space where you're gonna find many, many vendors.
You know, it has its own compass, I'm sure. But again, many of these vendors focus on the outside.
They're not focused on the inside. So they focus on network vulnerabilities, not database vulnerabilities. So you always need to keep that data-centric hat on; make sure that your security tools are focusing on where the data resides, not just the network. So Guardium also has the ability to mask and redact, and of course encrypt the data. And along with encryption, we also have key management tooling. At Guardium's heart is our data and file activity monitoring capabilities.
You know, this is monitoring network and local access. So this capability is what allows you to look an auditor in the eye and prove to them that your privileged users are not compromising the integrity of your data.
Guardium, of course, we have the ability to protect your data with dynamic blocking, masking, alerts, quarantining, and we have compliance workflow. So you can manage your compliance in an automated fashion and not only tell your auditors, but easily show your auditors how you are compliant.
You know, Guardium's really unique in a number of ways.
First, no other company has all of these capabilities and has them fully integrated. That's a big deal because it impacts your total cost of ownership if you've got to go be concerned with integrating different piece parts of a solution. Second, no other company supports the breadth of data sources Guardium supports. You'll see this on the right-hand side: we support cloud environments, big data environments, data warehouses, file systems, of course traditional databases, and mainframe environments. This is so important.
If you can't protect all of your data, then what are you doing? And solutions that don't give this breadth of coverage leave you unprotected, or they leave you with high customization fees associated with building one-off integrations. That's not good. And lastly, it's that secret sauce, threat analytics. This is what makes you highly productive and highly protected. Companies don't wanna spend their budgets on large security teams that spend their days looking at monitoring activities and logging.
It's not productive.
And it's error prone, as you can possibly get. It's error prone, and it leaves you unproductive. So Guardium threat analytics allows you to monitor vast amounts of information and spot the suspicious anomalies that your security team should be looking at and focusing on. This means less resources required and more intelligent protection. So specifically around cloud, earlier this, we announced some new offerings specifically focused on where we're seeing many of our customers expanding to and shifting into, which are infrastructure as a service environments.
We called these offerings, a set of offerings, IBM Guardium Multi-Cloud Data Protection. You know, these offerings provide all of the existing capabilities, which I just took you through, but they're packaged and priced specifically for these infrastructure as a service environments. You can think of these as an alternative way to buy Guardium in order to bring your license to an infrastructure as a service provider.
So we have these offerings; they've been tested, they are supported and ready to use for all of the major vendors, whether it's IBM's cloud, AWS, Azure, Google, as well as Oracle cloud. And I'll note that these are not just virtual images that you then need to manually implement in your own IaaS environment of your choice. We actually have these images hosted in these cloud environments and they're ready to use. So I know you may not be seeing us in the cloud environment marketplaces, but don't be fooled.
We are there. In many cases, we've had these images in those environments ready to share with you for close to two years. So when you purchase these new offerings, we give you the quick start guides you need and all the directions with exactly where you need to go to get access to these offerings via your actual cloud vendor.
I wanted to talk to you just a little bit more around threat analytics, and I hope that I've expressed the importance of threat analytics, you know, having a, an offering that's mature, that's proven that spans across all of your data is so important for your security budgets and doing so much more with fewer resources. So this screenshot shows how you can use policy based real time monitoring to reveal behavior patterns over time. This is like taking your blood pressure over a long period of time and learning what's normal for your body. Guardian does the same thing for your data.
So what's normal activity for all of your different data sources. And then it leverages machine learning to spot anomalies automatically that can be sent for manual review by one of your security analysts, or it can trigger an action such as quarantining that user, you know, possibly a privilege user in that actual activity, basically catching them in the act and locking them right there.
And let's just stay on analytics just a, a minute longer. So guardian threat analytics allows you to aggregate masses of data.
So when you think about a requirement for a vendor, think about scalability and, and it gives you a list of prioritized threats. So these threats could include things like one of your privileged users accessing a database in the middle of the night, or attacks like SQL injections or malicious stored procedures, which are two of the leading causes of data breaches today. So we give you an easy way to consume the overall analytics, but also a ways to a way to prioritize the threat. So you know where to focus your time.
And we give you a way to drill down into each of those threats to inspect all of the specific details around them.
We have also recently announced a new offering called multi-cloud data encryption. So of course, any data-centric security solution, whether it's on-prem or in the cloud, must include encryption. This offering has the ability to connect to one or more cloud environments, as well as hybrid environments, to encrypt your file and volume data. It provides full REST API support.
It also integrates with IBM Security Key Lifecycle Manager, and just a little bit more on our new multi-cloud data encryption. This capability works in any cloud or on any on-prem environment. So it gives you the ability to move data from Amazon or to Google or to on-prem without having to decrypt it and re-encrypt it every single time. So having that heterogeneous support is very important to be able to automatically protect your data wherever it goes.
So I'd like to take a moment to just talk to you about a new challenge that Alexei mentioned that I just wanna dig into a little bit more around cloud security.
So whether you're doing infrastructure as a service, platform as a service, SaaS, you're outsourcing at some degree the management of your environments, and in some cases, the management of your data. So you've gotta start thinking about all of those new privileged users that work for a third party that now have access to your data.
And you've gotta think about why, in the cases of SaaS primarily, you're even going to the cloud. It's because you want to give more people easier access to your data. So as you think about protecting your data and who has access to it, by implementing cloud, you're by default now expanding the number exponentially of the different people that are gonna have access to your data.
So as you do that, you need to think about how you're monitoring all of that use, how you're monitoring these new privileged users, which are likely part of now a third party, as well as your own privileged users that you're used to monitoring. So compliance, of course, doesn't stop at your firewall. As you move your data to the cloud, you have to protect it in the same way you've always protected it when it was on-prem. So you've gotta think about, as I'm going to the cloud, how am I maintaining the same level of data security, no matter where the data resides.
And as you make this transition to the cloud, we wanna leave you with some requirements to think about. You know, first, your data, it is, or it will be, everywhere. It's going to the cloud. It's gonna be on-prem for a long time to come, but it's going to the cloud as well.
So you need to think about a security solution that can support hybrid deployment models, and because your data will be so dispersed, you need to think about a single centralized data security solution, like Guardium, that can protect your data sources no matter where they are, and you'll need to be able to monitor users no matter where they work, within your company or within a third party cloud service provider.
And you've gotta think about how you're leveraging your existing investments and how you can expand those investments easily into these cloud environments in a natural way that adapts seamlessly and maintains your consistent security and compliance standards.
So I'm really proud to say that Guardium really stands out when we talk about data source coverage for both on-prem and in the cloud.
So, and this is very, very important for your overall total cost of ownership. You know, like Alexei talked about, there's many other vendors out there, we're even starting to see SaaS vendors out there, cloud vendors, that are talking about data protection. But if you dig one layer down and you ask which data sources they support, in many cases, it's very focused, just like Alexei said, you know, that list becomes very short. So what it means is you're either left with patchy security.
You know, we're in compliance here, we're monitoring, we're doing the right level of data-centric protection with these data sources, but we just don't have the capabilities for these other data sources, or you're gonna spend a lot of money building and maintaining custom migrations to all of these data sources that just aren't studied that aren't protected.
And last, I wanna leave you with just a very common customer case study that we are hearing, you know, more and more requests from our existing customer base and new customers.
And that's really a big focus on infrastructure as a service environment. You know, we have a lot of customers that are looking at platform as a service, that are looking at SaaS offerings. And in some cases they're doing it, but they feel much more comfortable with infrastructure as a service when you're talking about sensitive workloads and managing sensitive data in the cloud.
And so we have large, this is a specific example about a very large beverage company, but we have this example, you know, every day popping up with our existing customer base, that they're looking at the investments they've made around Guardium and the fact that they can have central management and easily add data sources. And they just wanna naturally and easily add these data sources that now are in the cloud.
And so that's really the driver behind our new multi-cloud data protection offerings, which are ready to use for all of the major cloud environments that can connect easily into our central management so that you have that single, consistent location in order to manage all your data no matter where it resides.
And with that, I would just like to thank everybody for your time. And I think we're gonna open it back up to a question and answer period.
Please submit your questions using the questions panel, you know, on the GoToWebinar control panel.
And I already have the first question here, which is actually more like philosophical rather than technological. So what innovations in the past several years have created the greatest challenges for database security, and which ones will impact database security moving forward? So kind of a very interesting question, because I don't really think it's about any specific technology, it's all about, you know, the business requirements. For decades,
the businesses wanted to have the possibility to kind of collect and store and process as much data as possible, because this is one of the key requirements for, you know, optimizing the business process and so on. Unfortunately, they were limited in that regard, but now they're not, thanks partially to the cloud, big data and multiple other developments, you know, including the commodity hardware powering all these innovations.
So now the companies can do what they want with the data and they do, and they no longer want to see it at a stop on their way, or this is why we have all these security problems. Because we have to support the business in that regard.
Is alright, do we want to add anything so
Alexei?
No, that, that sounded great. Will you be reading out the questions as they come in or should I,
Or sorry, I out the next question.
So the next question concerns, as far as I can understand and rephrase it a little bit, the additional challenges which companies get when they not just store the data in the cloud, but they actually move the data between on-premises and the cloud or between different cloud providers. So what do you see as additional things they have to take into account when designing for that particular type of scenario?
Yeah, I mean, the number one thing that comes into mind is encryption, ensuring that you're encrypting the data. I know that we at IBM and within Guardium, as we're focusing on our own SaaS offerings, that we are spending an enormous amount of time on secure connectivity and building a secure connector.
So, you know, anytime that you're sending that information out, it should be based on a secure connector that can ensure that nobody can have access to any of that data as it's moving from on-prem into the cloud.
Okay, great. And the next question kind of naturally continues from that.
So what should be the best practices for key management when you're encrypting data for the cloud?
So we do have key management tooling around encryption. It's definitely not my area of expertise, but you know, I know that from, from our perspective, we always want to manage those privileged users that have access to the keys. And we always, of course, as you're managing those keys and being able to understand who has access to them, when of those keys expired, who's sharing those keys all become very important around key management.
Okay.
So yes, just short comment on my side, if you want to learn more about key management, this is really a large topic on its own. Have a look at our website. There is a lot of research we have for that.
Yeah. And we can definitely put them in touch with our offering management and our, our experts around key management to, to provide them with more details around best practices.
Okay. The next question is, do you recommend any tool for data masking?
Well, I can answer that. Of course.
Well, obviously Guardium does it, we learned that just a few minutes ago, but there are also solutions which focus specifically on that particular area, just data masking. But again, data masking alone, without kind of integration into some kind of central management policies governing the rules for data masking, doesn't make a lot of sense. So data masking is not something which you really have to think about as a standalone problem. It always has to be part of a bigger plan securing the data.
Yeah, absolutely. So Guardium actually does include capabilities for masking. Within IBM, we also leverage frequently our Optim capabilities that provide static masking as well and specialize in the area of masking.
So thanks a lot to all attendees for being with us today in this webinar. I hope to see you in one of our future webinars again and have a nice day.