Search Blog for

Shortening Your DCAP Short List: Five Critical Things to Consider for a Data-Centric Audit and Protection Solution

Shortening Your DCAP Short List: Five Critical Things to Consider for a Data-Centric Audit and Protection Solution

Exponential data growth. You’ve heard it many times before, but it’s still the most accurate way to describe the enormous (and growing) amount of data that businesses generate and collect today. It’s this growth that is driving today’s enterprises to revisit their strategies for data security and governance and shift their focus to data-centric audit and protection (DCAP). A DCAP solution helps mitigate the risks and threats to each sensitive data type and apply them consistently across all silos and applications.
In its Market Guide for Data-Centric Audit and Protection (requires Gartner account), Gartner helps CISOs and their teams identify DCAP solutions that deliver six core capabilities:

  • Data classification and discovery
  • Data security controls
  • Assessment and monitoring of user roles and permissions
  • User monitoring and auditing
  • Behavior analysis, alerting, reporting
  • Block, encrypt, tokenize, mask, quarantine

While the guide highlights products that offer the most comprehensive coverage of the above capabilities, there remains considerable variation among those on the potential short list. To help CISOs and their teams decide which solution is the best, we’ve created this list of five additional capabilities you should insist upon when selecting a new solution for data security and governance.

#1: Fast deployment time

Your organization can’t afford to leave sensitive data stores exposed and unmonitored for any length of time. That’s why in addition to a solution that delivers on Gartner’s six critical areas of functionality, you need one that also streamlines deployment. Some solutions could take months or even years to fully deploy across all your silos. To secure your data as quickly as possible, look for a solution that offers:

  • A scalable architecture that reduces the number of components that need to be deployed
  • Automated, bulk configuration of components and rapid integration with the rest of your organization’s security, compliance, IT provisioning, and ticketing systems (see Figure 1)
  • Out-of-the-box capabilities that eliminate the need to build or configure everything from scratch, including audit policies, vulnerabilities, configuration checks, workflows, and reports for common applications, repositories, and regulations

SecureSphere deployment automation API
Figure 1: Imperva SecureSphere API speeds deployment time with automation.

#2: Flexibility and adaptability

You also need out-of-the-box applicability for the broadest range of enterprise use cases, scenarios, and data infrastructure possible—both now and as your organization’s needs change in the future. Include only those solutions on your short list that support your relational and big data platforms as well as your cloud environment.
But don’t stop there. For maximum flexibility and adaptability as your environment grows and changes, make sure you’re not limited to an agent-only deployment. You want to have the ability to use other, non-intrusive, network-based deployment options to maximize coverage and performance.

#3: Breadth and depth of functionality

Many native tools only offer monitoring and are therefore unable to stop egregious activities from occurring. Standalone alternatives suffer from a similar deficiency in that they only provide a limited set of functionality.
You don’t want to have to cobble together numerous disparate products to get the essential data protection and audit capabilities you require. Your short list should only include robust, integrated solutions that enable everything you need to:

  • Continuously monitor and audit access to sensitive data
  • Uncover unauthorized access and fraudulent activity
  • Alert and block attacks and unauthorized activities in real time (see Figure 2)
  • Stop targeted attacks and other advanced cyber threats
  • Detect and virtually patch database vulnerabilities
  • Accelerate incident response and forensic investigations
  • Automate reporting and compliance activities across the entire database environment
  • Establish a repeatable, automated process for compiling, reviewing, and managing user access rights across heterogeneous data stores

SecureSphere policy blocking
Figure 2: Example of Imperva SecureSphere policy set to block international data transfers

#4: Scalability

With the number of data repositories in your organization likely running into the hundreds or even thousands, you need to pay particular attention to the scalability of any solution your organization is considering.  Poor scalability has the potential to negatively influence everything from time to value, adaptability, and functionality, to the costs for product licenses, hardware, daily operations, maintenance, and support.
When you evaluate DCAP solutions, ask about scalability and whether the vendor takes advantage of features such as the use of big data techniques for collecting and processing data rather than traditional relational database techniques and native clustering of data collection gateways. Both help the solution reduce the number of data collection gateways needed and improve scalability while not short-changing functionality and insight.

#5: Lower total cost of ownership

Unless you find yourself in a unicorn start-up, you probably don’t have an unlimited budget. In fact, you probably have to continually find ways to do more with less. A good DCAP solution doesn’t have to break the bank.
Look for a solution that is architected to deliver maximum protection and functionality at the lowest operating cost. One way to evaluate this is to ask the vendor how many virtual appliances will be needed to monitor all your data stores.
Another aspect of cost savings is automation, which eliminates manual efforts around configuring, operating, and maintaining the DCAP solution. Look for automated workflows and feeds as well as centralized management of the solution without the need to locally administer agents.

More help in refining your short list

Your short list of DCAP solutions should be focused on effective and efficient offerings that combine extensive data security and audit functionality with the ability to eliminate disparate management silos and inconsistencies by coordinating policies across numerous types of data stores. You can use the above criteria to help you further refine your list.
For more explanation of the five requirements discussed here—plus two more important requirements—download our white paper, “Seven Keys to a Secure Data Solution: How to Choose the Right Data-Centric Audit and Security Solution.”