SecureIT Releases Whitepaper that Examines Database Security Needs of Federal Government Agencies

Paper presents a solution for overcoming challenges associated with database security threats and the costs associated with achieving and maintaining compliance

May 15, 2009

FOR IMMEDIATE RELEASE
Media Contact: David Trout, 703.464.7010

Reston, VA — SecureIT, a recognized leader in cyber security and risk management professional and technical services for Federal government agencies and Fortune 1000 corporations, announced the availability of a whitepaper which examines the critical challenges confronted by Federal government agencies associated with protecting database systems and the sensitive data they contain.  Mr. Jim Graham, Senior Vice President at SecureIT, stated “agencies have worked to reduce vulnerabilities and to adapt technologies to detect and prevent security threats, however, the bad actors continue to create new ways to circumvent these defenses”.  He added “weak database security controls and threat detection has led to continued data breaches involving the loss of sensitive and critical information from Federal government computer systems”.

The whitepaper titled “Protect Databases from Security Threats and Automate Compliance” presents the security challenges and requirements faced by government agencies along with the need to adopt emerging technology such as cloud computing.  The whitepaper identified a series of use cases to overcome many of these challenges and outlines an enterprise solution that can be implemented today.  Working with its technology partner Guardium, the SecureIT solution provides Government agencies:

• Data discovery and classification tools to identify sensitive or classified data and prevent leakage
• Vulnerability assessment solution to identify and resolve database application vulnerabilities
• Implement controls to restrict access to sensitive data
• Track sensitive data extractions (OMB 06-16)
• Real-time database activity monitoring to proactively identify unauthorized or suspicious activities with the ability to take proactive measures
• Correlation alerts to notify the proper personnel on events such as an unusual number of SQL errors or login failures
• Baselining to get a clear picture of normal database usage to develop policy rules based on and alerts for activity considered abnormal
• Enterprise wide auditing and compliance solution for databases to simplify FISMA, FISCAM, Privacy Act, OMB, NIST, DIACAP, and HIPAA policy requirements
• Change control solution to prevent unauthorized changes to database structures, data values, privileges, and configurations
• Continuous monitoring of database-related security controls to support Certification and Accreditation (C&A) per NIST SP 800-53A and NIST SP 800-37

SecureIT is currently working with GSA to add Guardium products to its GSA schedule.

About SecureIT

SecureIT is a professional and technical services firm focusing on information security and risk management. SecureIT helps Federal government agencies, corporations and other non-government organizations manage risks in business processes, technology and contracted services through services and solutions in the areas of Cybersecurity, Information Assurance, Governance, Risk & Compliance, IT Audit, and Security Training. Founded in 2001, the company sits on the board and is active in Washington DC area chapters of information security organizations such as ISACA, ISSA and IIA. SecureIT serves clients in the Federal government including: DISA, HHS, DOJ, Treasury, USAID, Education, NASA and USPS as well as corporations such as Beers & Cutler, Constellation Energy, CSC, E*TRADE, Noridian, and The Washington Post as well as non-government organizations such as Freddie Mac Inter-American Development Bank and the International Monetary Fund (IMF). For more information, call 703.464.7010, email info@secureit.com or visit www.secureit.com

About Guardium

Guardium, the database security company, delivers the most widely-used solution for ensuring the integrity of enterprise data and preventing information leaks from the data center. The company’s enterprise security platform is now installed in more than 450 data centers worldwide, including 3 of the top 4 global banks; 3 of the top 5 insurers; 2 of the top 3 global retailers; one of the world’s largest PC manufacturers; a global soft drink brand; and a leading supplier of business intelligence software. The company has partnerships with Oracle, Microsoft, IBM, BMC, EMC, Accenture, McAfee and ArcSight, with Cisco as a strategic investor, and is a member of IBM’s prestigious Data Governance Council and the PCI Security Standards Council. Visit the company at www.guardium.com

# # #