Meta Group reports that it has seen a jump in the number of inquiries related to database security and compliance throughout 2004. It looks like most large organizations are confused over how to react to the tidal wave of regulation that has given them a sense of urgency to drop everything and tackle data privacy. But most are clueless about how to apply the appropriate security controls when faced with a myriad of databases containing sensitive customer data. Data privacy requirements are open to wide interpretation as to how personal data is handled, and meeting today's stringent requirements is unreasonable, says Meta: "No reasonable individual with knowledge of IT infrastructure and process would possibly hold an organization up to such a standard at this time, or even until the end of this decade." Instead, Meta recommends that governments cut organizations some slack and apply a "reasonable-person" test to check if they're at least moving toward achieving the spirit of many of these regulations. Below are Meta's "reasonable" steps you can take to address database security:
Among the best ways to check whether your organization is doing everything that could reasonably be asked of it is to compare its efforts with those of peer enterprises and to leverage professional organizations and trade journals, says Meta. If you're already considering database encryption, a white paper from RSA Security can help you formulate a strategy.