News
Pervasive tightens data security
- By Will Kilburn
- October 22, 2003
Pervasive Software (www.pervasive.com), Austin, Texas, has brought out new versions of three data security products which the company says address the linked issues of data availability, accountability and integrity, all without having to write additional code.
"We looked at it from a holistic view, and boiled the problems that small- to medium-sized enterprises face into three buckets," Suaad Sait, Pervasive's vice president of marketing, told eADT. "One is external threats such as database attacks or violation of privacy; internal exposures around fraud, error and data theft [is another]; and last, but not least, disaster recovery."
Sait said Pervasive.SQL can provide encryption for privacy and access control across all the database access methods through the security release. AuditMaster can provide auditability and accountability around transactions, while the DataExchange replication technology offers real-time data backup capabilities for availability. "We believe that data management security companies need to provide security at the data level, not at the application level," Sait said. "And if the application developer doesn't have to go and program this into the application, they can deliver these added values to their customers very quickly."
At the core of the new security push is a new version of the company's flagship product, Pervasive.SQL V8 Security, which Pervasive Product Manager Lance Obermeyer said was built to better address "improved authentication through something we call a unified security model. We have encryption across the wire so data being sent from the client to the server is encrypted to prevent people from spying on it, say, through a packet sniffer. It unifies our view of security -- in the past, we had security mixed between the operating system rights and database rights and application-level behavior."
AuditMaster 6.0 was created to find the human cause of database problems, Obermeyer said. "Its key feature is that it will log all database events into its repository, so it will know the 'who, what, where, when and how.' It will record user names, IP addresses and changes that they've made to data, so you can always go back and determine where a data value came from and who put it there," Obermeyer said. "It has a viewer for querying and analyzing the log, and also allows you to create proactive alerts that will notify you if anomalous conditions occur."
This, Obermeyer said, is key not only for finding the source of fraudulent activity, but for tracking down those who inadvertently trash databases like the proverbial bull in a china shop.
"'Stupid user syndrome' is as big a problem around data validity as anything. A lot of our customers are looking at AuditMaster not so much to detect fraudulent use as [to see that] 'Oh, someone inadvertently deleted a patient master record, and now the whole thing's fouled up,'" he said. "They can determine who did that, maybe give them some additional training, and since it keeps a detailed log of everything that happens, it even gives the administrator the ability to undo a transaction."
Rounding out the package is DataExchange 2.5, Pervasive's automated, real-time data backup product, which Obermeyer said can be used in both new and traditional ways.
"There are some people who use it to do real-time backup, because the data in their database is highly valuable and time-sensitive," he said. "The second way is around data synchronization, the more classic use of database replication technology, and that's to manage data sharing networks like remote offices to a home office, or sharing data amongst warehouses.
"From a security perspective, it's the real-time backup that is the most relevant," Obermeyer said. "People are concerned about protecting their data from lots of different threats -- disasters like fire, the building falling down, the real extreme things. But in reality, servers are stolen all the time and if you do not have a clean, fresh backup of your data on a backup server, then your entire business may be at risk."