US INVESTORS BUSINESS DAILY ARTICLE OF INTEREST ON COMPUTERS AND DATA PROTECTION
Investor's Business Daily
June 5, 2006 Monday NATIONAL EDITION
INTERNET & TECHNOLOGY; Pg. A04
685 words

Is There A Better Way To Protect Your Data?; Call It A Rent-A-Cop; Justice Dept., others are using new software that watches over databases

DONNA HOWELL

Your bank, your insurance companies, the stores you shop at, the government departments you deal with -- nearly all firms and agencies with which you interact -- have vast databases.

Thefts of some data and new rules on data privacy are driving interest in the crucial area of database security.

Encryption, or the scrambling of information, is one way to protect databases. But encrypting a whole database slows its performance so that process is not used much.

New ways of keeping databases safe are starting to catch on. One method is using software that assesses database vulnerability.

The U.S. Department of Justice is a user of such software. And the venture group of credit card giant Visa International is an early investor in such software.

"We're interested in how databases are secured," said Jay Reinemann, vice president of strategic ventures and alliances at Visa. "And Visa continues to see more and more issues around how databases are secured, both with our merchants and members."

Visa's venture fund holds stakes in 10 firms whose security software or other technology is of strategic value to the credit card industry. New York-based Application Security is one of these firms. It assesses databases using a scanning technique.

"They have concentrated on an area that's so key for us to lock up," Reinemann said. "And they've been doing it at an earlier stage than others."

Other firms with in-depth database scanning software are privately held Integrigy, based in Chicago, and British firm Next Generation Security Software. Larger software makers Symantec and CA have products that do some basic database scanning.

Application Security's flagship product is AppDetective. The software helps find databases that are running on a network and then determine how vulnerable they are. The first version came out in 2002.

The company also makes a product called DbEncrypt, out since 2001. It's software that scrambles just some columns of data, quickly. So transactions won't slow down, but the data are secured. There's also AppRadar, introduced in 2004. It flags odd activity in databases, to uncover worms, for instance.

Some Justice Department units use AppDetective, including the FBI and Office of Justice Programs. The Justice Department aims to spread it to dozens of other divisions. "AppDetective fills what I consider to be a critical need," said Dennis Heretick, the department's chief information security officer. "We look at solutions in terms of their ability to mitigate threats and risks in our environment. This one scores very high."

Heretick says the software helps security teams understand how many databases are in use at any time and what flaws they might have.

Besides government, some telecom and financial firms also have been early Application Security adopters.

Increased use of the Internet for commerce is one force driving interest in database scanning software, says Ted Julian, Application Security's vice president of marketing.

"Organizations are making more and more of their business-critical systems available via the Web, as they should," he said. "It drives a compelling e-commerce strategy or helps them connect better with suppliers and customers.

"It's good they're providing that enhanced access. But with that comes greater risk."

Online attacks are getting much more focused, Julian says. These days, perpetrators more often have a profit motive. Databases are logical targets, since they store crucial personal data.

Firewalls and intrusion-detection software have risen to become big markets, Julian says, but he says there's been nothing "like the litany of break-ins we've seen over the last couple years. Fifty-four million personal records (were breached) from the beginning of 2005 to today," Julian said. He made this statement before the recent theft of data on 26.5 million veterans came to light.

Another reason more firms and agencies seek to secure their databases better is the rise of regulations. In California, for example, a law passed in 2003 makes firms that do business in the state tell people if any of their personal data has been breached.

June 5, 2006