Powered By InformationWeek Business Technology Network
 
Welcome Guest. | Log In| Register | Membership Benefits
  • Email this page E-mail this page
  • |  Print Print this page
  • |   Bookmark and Share

Facebook Automates Sensitive Data Discovery

Facebook adopts dataguise dgdiscover to identify sensitive user data

Nov 17, 2009 | 12:46 PM

Fremont, Calif., November 17, 2009 " dataguise (http://www.dataguise.com), a leading innovator of security solutions for protecting sensitive data across the enterprise, today announced that Facebook has adopted dataguise dgdiscover to identify sensitive user data such as IP addresses, social security numbers and other personal information in compliance with the PCI Data Security Standard (PCI-DSS) and California SB 1386.

Founded in 2004, Facebook is a social utility that helps people communicate more efficiently with their friends, family and coworkers. The company develops technologies that facilitate the sharing of information through the social demographic, the digital mapping of people's real-world social connections. Facebook is the second most-trafficked PHP site in the world, and one of the largest MySQL installations in use, running thousands of databases. Facebook has built a lightweight but powerful multi-language RPC framework that allows the company to seamlessly and easily tie together subsystems written in any language, running on any platform.

dgdiscover is deployed as a scanner across Facebook's corporate MySQL and Oracle database environments, helping the social networking leader quickly identify where sensitive information is located throughout these important corporate databases. dgdiscover is unique in that it identifies all database instances on the network, supporting more secure operations by helping ensure that new database instances and all sensitive data types are located for proper attention.

"Prior to an automated database scanner, the process of sensitive data discovery across corporate databases then searching each repository for sensitive user data was a more manual process that was enormously time consuming," said Bob Read, Security and Compliance Manager for Facebook. "dgdiscover has reduced our sensitive data discovery process from weeks to under two days, satisfying PCI auditor demands to provide proof of compliance within rigid deadlines."

dgdiscover looks for sensitive and potentially sensitive data within structured and unstructured repositories and employs sophisticated pattern matching algorithms to automatically identify data such as credit card numbers, expiration dates, social security numbers, and phone numbers. dgdiscover creates detailed reports with easy to interpret graphical summaries showing where such information resides in database tables. dgdiscover also has the unique ability to search unstructured sources such as text files, Word, Excel and PowerPoint documents, as well as other file formats for a comprehensive search. dgdiscover includes a library of predefined templates for conducting searches for data relevant to compliance initiatives such as PCI-DSS, PII, HIPAA, and state regulations such as California SB 1386.

"We hope to integrate dataguise with our enterprise job scheduler via the command line to make the process even more efficient," added Read. "From both a compliance and operational perspective, dataguise will allow us to easily satisfy auditor requirements quickly and without the need for costly professional services or extensive IT financial or human resources."

"With the trend toward more regulation around data breach notification, organizations are under greater pressure to identify and safeguard their information from unauthorized access," said Allan Thompson, Executive Vice President, Operations for dataguise. "dataguise does this in a simple yet comprehensive manner that replaces multiple point products or manual processes with a single, automated multi-database solution that is the most accurate available."

About dataguise

dataguise offers automated and advanced database security solutions to help ensure regulatory compliance and protect against data theft. Dgdiscover enables organizations to find structured database repositories across the network, search and discover sensitive data in structured databases. Dgmasker is then able to mask or de-identify to protect sensitive data.

dgmasker provides secure masking of database content with unprecedented flexibility and functionality across heterogeneous environments. For more information, call 510-824-1036 or visit www.dataguise.com


Subscribe to RSS



Database Security Reports

report Database Activity Monitoring: Emerging Technology Keeps Tabs on Assets
You can read about the consequences of not protecting critical data in the daily headlines. In response, security-conscious organizations are tackling the complexities involved in effectively monitoring their databases for potential leaks and compromises. Fortunately, an emerging class of software is stepping up to help. Here’s what enterprises need to know about selecting, deploying, and managing DAM technology.

report SQL Injection: A Major Threat to Data Security
Of all the attacks taking place on Web sites across the Internet today, SQL injection is the most popular for cybercriminals trying to hack their way into corporate data stores. But for such a pervasive threat, there is still little understanding within the development and database communities about what constitutes a SQL injection vulnerability, how attacks against a SQL injection bug work, and how to mitigate the risk. We examine how these exploits work and what you can do to stop them.

report Protecting Your Databases From Careless End Users
While much attention is paid to outside attackers' efforts to crack enterprise databases, IT organizations often overlook an even greater threat: end users. Ignorance and disregard of company security policies may lead employees to expose their organizations' databases to compromise, often without even knowing that they’re doing so. In this report, we offer advice on how to educate users on database security, and some common-sense recommendations on how to limit the damage.

report A Database Administrator's Guide to Security
While most security pros have become painfully aware of the threats posed to their organizations' databases, many of those who create and maintain the databases still don't fully understand the danger.  This "security primer" is designed to open the eyes of the DBA to the risks posed by poor database security – and to current "best practices" that can help prevent those risks from becoming reality.

report Why Your Databases Are Vulnerable To Attack - And What You Can Do About It
Most of an enterprise’s most sensitive and valuable information resides in databases. Yet, in many organizations, database security is often neglected, misunderstood, or even ignored. In this report, we discover why databases have become one of the most popular targets for hackers - and how everyday mistakes in database administration contribute to these attacks. We also offer some advice on what your organization can do to protect your most critical data - and to stop hackers in their tracks.

Related Content

HOWTO Secure and Audit Oracle 10g and 11g
Read the "Hardening Your Database" chapter from the 454-page book "HOWTO Secure and Audit Oracle 10g and 11g" and learn how to navigate the many security options within Oracle (authored by database security expert and Guardium CTO, Ron Ben Natan, Ph.D.)

HOWTO Monitor Database Activity
Read the "Database Activity Monitoring (DAM)" chapter from "HOWTO Secure and Audit Oracle 10g and 11g" (CRC Press, 2009) and learn how to leverage DAM to prevent cyberattacks, monitor privileged users and track access to sensitive data.

8 Steps to Holistic Database Security
Get the 8 essential best practices for a holistic approach to both safeguarding databases and achieving compliance with key regulations such as SOX, PCI-DSS, NIST 800-53 and data protection laws.

Essential Steps to Implementing Database Security and Auditing
Learn best practices and specific tips for effectively securing Oracle, SQL Server, DB2, MySQL and Sybase environments, including tracking security vulnerabilities, the anatomy of buffer overflow vulnerabilities and database auditing.

Databases at Risk: Current State of Database Security (ESG Research)
This recently published ESG report analyzes the current state of database security -- concluding it depends upon too many manual processes -- and also offers concrete steps to improve database security across the enterprise.