The book includes insights from the following experts:

  • Lester Godsey, City of Mesa, CISO, Securing Data Requires A Multipronged Approach >>
  • Richard Rushing, Motorola Mobility, CISO, LLC., You Must Be Able to Verify Data and Validate Access >>
  • Jonathan Levine, Intermedia, CTO, CIO, CISO, Securing Databases Requires a Mix of Tools and Best Practices >>
  • Dilip Panjwani, Larsen & Toubro Infotech Ltd (LTI), Chief Information Security Officer & IT Controller, Protecting Databases Requires Balancing Controls and Performance >>
  • David Billeter, CA Technologies, Chief Information Security Officer, First Decide Which Data is in Most Need of Protection >>
  • Daniel Schatz, Perform Group, CISO, Database Visibility Is Central to Database Security >>
  • Chris Thompson, Bentley Systems, Global Director, IT Security and Controls, Securing Cloud Databases Requires Focusing on More Granular Controls >>

7 Experts on Database Security was generously sponsored by Trustwave.

Securing databases has become a serious challenge for many organizations. One reason for this is that the bad guys know some of the most sensitive and valuable data they can steal is stored in databases. Another is that in this world of cloud computing, mobility and easy data sharing, it is becoming very difficult to know exactly where your data is at all times.

So how do businesses secure their databases? How do they keep track of their data, and how do they know they are meeting compliance requirements? How can they be sure they are adequately patching database vulnerabilities? To answer these questions, we once again turned to the experts. With the generous support of Trustwave, we asked seven security experts the following question:  

What advice, strategies and best practices would you give to a business to effectively secure their databases?

One interesting insight that comes from reading these essays is that although many traditional security controls, such as access management and data validation, remain central to database protection, how they are applied is in a state of transition. This is being driven in part by the decentralization of databases and the role of DevOps processes in deploying database functionality.

Like much that is happening in cybersecurity today, the practice of securing databases is evolving. I believe these essays provide an interesting snapshot of current database security practices.