Your SlideShare is downloading. ×
The Business Case for Data Security
The Business Case for Data Security
The Business Case for Data Security
The Business Case for Data Security
The Business Case for Data Security
The Business Case for Data Security
The Business Case for Data Security
The Business Case for Data Security
The Business Case for Data Security
The Business Case for Data Security
The Business Case for Data Security
The Business Case for Data Security
The Business Case for Data Security
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

The Business Case for Data Security

1,397

Published on

The growing costs of security breaches and manual compliance efforts have given rise to new data security solutions specifically designed to prevent data breaches and deliver automated compliance. …

The growing costs of security breaches and manual compliance efforts have given rise to new data security solutions specifically designed to prevent data breaches and deliver automated compliance. This paper examines the drivers for adopting a strategic approach to data security, compares and contrasts current approaches, and presents the Return on Security Investment (ROSI) of viable data security solutions.

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,397
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
25
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. White Paper The Business Case for Data Security Business Case The growing costs of security breaches and manual compliance efforts have given rise to new data security solutions specifically designed to prevent data breaches and deliver automated compliance. This paper examines the drivers for adopting a strategic approach to data security, compares and contrasts current approaches, and presents the Return on Security Investment (ROSI) of viable data security solutions. “ ” With the growing threats to applications and data, from large-scale, automated Web attacks to insider malfeasance, proactive data security has become mandatory.
  • 2. The Business Case for Data Security Executive SummaryDatabaseFileWeb Large-scale application attacks, targeted insider threats, and a swelling raft of regulations are compelling organizations to adopt a new defense: data security. In this paper, we will address three key business questions: 1) What are the risks and regulatory drivers for data security? We take a close look at today’s security and compliance landscape, current data security challenges, and the auditing and reporting requirements in leading data privacy and data governance regulations. We conclude that data security should be an executive focus, when businesses consider the devastating impact of data breaches and the rising costs of regulatory compliance. 2) What are the alternative approaches to achieving data security? We contrast Imperva’s holistic data security approach with other approaches, including “do it yourself” projects, use of data security features within event management and application delivery products, and loosely integrated data governance solutions. It is our contention that only a comprehensive and intelligent platform can deliver the right level of security and control that is essential for effective data security. 3) What are the financial benefits of deploying a holistic data security solution like Imperva SecureSphere? Based on the analysis offered above, we determined that Imperva SecureSphere offers a cost reduction and cost avoidance benefit of 274% compared to alternative approaches. Calculating the total costs over a five year period, a typical large enterprise would spend $5,487,500 in data breach expenses, manual monitoring, auditing, and reporting costs versus $1,467,850 with Imperva SecureSphere appliances, licenses, maintenance, and operations costs. The cost savings are compelling, demonstrating why data security has moved to the forefront of most organizations security strategy. Imperva White Paper < 2 >
  • 3. The Business Case for Data Security I. Data Security and Compliance: An Evolving LandscapeDatabaseFileWeb Security and compliance are two of the most critical concerns for any organization. Between 2005 and 2010, data breaches have cost organizations billions of dollars and exposed over 500 million sensitive records,1 leaving a litany of lawsuits, sanctions, fines, and lost revenue, in their wake. In addition, organizations are subject to increasingly stringent regulatory compliance requirements. A growing number of regulations mandate monitoring and auditing of user activity, application safeguards, and internal controls. To develop a cohesive strategy for security and compliance, organizations must analyze their security risks and compliance needs. Financial Impact of Security Incidents Data breaches are financially devastating, averaging $6.75 million per incident and $204 per compromised record.2 Data breaches not only impact organizations, but also affect the tens of millions of individuals who fall victim to identity theft and fraud. Due to external attack or insider abuse, data breaches are perhaps the single most damaging security event that an organization can endure. In addition to breaches, organizations must fortify their valuable resources against denial of service, data loss, and data manipulation. Hacking and External Threats Hacking and external threats are the leading cause of data breaches, accounting for approximately 94%3 of all compromised records in 2009, according to an in-depth investigation of data breaches. And 92%3 of compromised records from hacking-related attacks were attributed to Web application attacks. Based on this forensic evidence, if organizations had fortified their Web applications against attack, they could have reduced the total number of known compromised records from over 140 million to roughly 20 million. Web Application (92%) Network File Shares (1%) Remote Access and Control (2%) Physical Access (1%) Backdoor or Control Channel (5%) Wireless (1%) Unknown (1%) Figure 1 Proportion of Breached Records Due to Hacking by Attack Method3 The rise in Web-related data breaches is due in part to more sophisticated attack techniques. Hackers have become more organized, pooling resources, and delegating responsibilities based on skill set. They are also creating automated capabilities to improve efficiency and scale building armies of bots – remotely controlled computers – to unleash large-scale, automated attacks.4 These new methods have made Web application attacks very effective and, unfortunately, very destructive, as is borne out in data breach investigations. 1 Privacy Rights Clearinghouse, www.privacyrights.org/500-million-records-breached 2 Ponemon Institute, “Cost of a Data Breach,” January 2010 3 Verizon Business, “2010 Data Breach Investigations Report 4 Imperva, “Industrialization of Hacking,” 2010 Imperva White Paper < 3 >
  • 4. The Business Case for Data Security The Enemy InsideDatabaseFileWeb Risks associated with insider threats, ranging from sabotage and fraud to sensitive data theft, have also increased, along with the opportunities for insiders to profit from their illicit activity. Many organizations have overlooked insiders who may access sensitive networks, applications, and data on a daily basis. Privileged users must have access to sensitive data in order to perform their job. Therefore, they can abuse these privileges and gain control of such data more easily and more covertly than external users. It is not surprising, then, that insiders accounted for 48% of all breaches and 3% of all compromised records in 2009.5 Rising Cost of Achieving and Maintaining Regulatory Compliance Organizations of all sizes must comply with a raft of regulations designed to bolster security, reduce fraud, and ensure privacy. These regulations were enacted for a variety of reasons: as the result of an extraordinary event, as with the implosions of Enron and Worldcom that led to Sarbanes Oxley (SOX), or as the evolution of disparate security standards that morphed into the industry-wide and influential Payment Card Industry Data Security Standard (PCI DSS). Addressing Multiple Compliance Mandates In addition to SOX and PCI, organizations must adhere to a range of other industry and government regulations. Healthcare companies must comply with HIPAA, the HITECH Act, and MAR. Federal institutions must fulfill FISMA, ITAR, EAR, and DISA STIGs requirements. Energy companies must comply with NERC and FERC. Organizations in Europe are governed by Basel II and EU data breach notification laws. The list goes on, as does the amount of auditing and security requirements that organizations must address. On top of these regulations, new regulations are introduced every year, and existing laws change. While each regulation defines unique auditing and security requirements, it is possible to distinguish consistent themes across most compliance mandates. Achieving compliance becomes much easier when organizations develop well-defined and repeatable processes that track all user activities, maintain separation of duties, and establish user accountability. Demonstrating Compliance All regulations require organizations to demonstrate compliance to external auditors and governmental agencies. Organizations must prove that compliance processes are in place. They also have to collect pertinent audit and security data and present it in a clear, understandable format. With these operationally taxing manual processes, it is not surprising that U.S. businesses spend over $2.5 billion on SOX compliance each year.6 5 Verizon Business, “2010 Data Breach Investigations Report 6 AMR Research, “With GRC Spending at an All-Time High, What Happens to SOX?” Imperva White Paper < 4 >
  • 5. The Business Case for Data Security II. Data Security: Requirements and Alternative ApproachesDatabaseFileWeb Organizations’ data security strategy should focus on the core business drivers of preventing external attacks, mitigating insider abuse, and automating compliance processes. Some of the resulting operational requirements include: » Accurate Protection for Business-Critical Applications and Data A data security solution should provide comprehensive protection of all critical data assets including Web applications, databases, and files from external attack and insider threats. Because of the complex nature of data-layer threats, a security solution should be able to detect known attack methods, malicious users, deviations from expected user behavior, and correlate multiple event attributes together for pinpoint accuracy. » Full Auditing with Separation of Duties Since audit trails of user activity have become an essential aspect of compliance, a complete data security solution must be able to audit all access and changes to databases and files. It should ensure audit data integrity and user accountability and identify material variances in user activity. Demonstrating compliance must be achieved through automated reports and analytical tools – the basis for forensic investigations. » Low Impact Deployment Any solution designed to improve security should not impact application uptime or impose management burden. The solution should meet availability and performance requirements while not introducing operational risks. In addition, it should support centralized management, monitoring, auditing, and reporting to streamline administration for large, distributed deployments. Data Security: The Future of Security and Compliance To address the full scope of today’s security and compliance requirements, Imperva has created a new technology category, Data Security. With Data Security, organizations can mitigate data breach risks and directly satisfy auditing and compliance mandates by implementing one, integrated, best-of-breed security solution. Data Security protects business-sensitive data where it lives, in database and file servers and how it is accessed, through applications. With data-layer protection, data security solutions can block the attacks that lead to costly data compromises more accurately than any existing technology. It can also monitor users to prevent insider abuse, and audit all activity with unmatched visibility for compliance. The Imperva SecureSphere Data Security Suite Imperva SecureSphere Data Security Suite encompasses the market-leading SecureSphere Web Application Firewall, and the award-winning SecureSphere Database Security and File Security Solutions. Either deployed alone, or together as one integrated, centrally managed solution, SecureSphere Data Security Solutions offer a powerful defense against hackers and malicious insiders, streamline and automate regulatory compliance, and prioritize and mitigate data risks. Imperva White Paper < 5 >
  • 6. The Business Case for Data SecurityDatabaseFileWeb SecureSphere Data Security Solutions offer organizations several unique capabilities: » Complete, End-to-End Data Protection - SecureSphere protects data where it is stored – in databases and files – and how it is accessed – through applications – and addresses the full Data Security and compliance life cycle. » Automated Security – Imperva’s patented Dynamic Profiling automatically learns application and database usage without manual intervention. The unique ThreatRadar service further streamlines security by automatically stopping attacks from known, malicious sources. » Full Visibility with Separation of Duties – SecureSphere monitors and audits all database and file activity, including privileged user access, without relying on native auditing capabilities. Interactive audit analytics enable users to analyze, correlate and view activity from any angle. » Streamlined User Rights Management – SecureSphere simplifies the process of reviewing and managing user rights across distributed file servers and databases. SecureSphere aggregates access rights, identifies dormant accounts and highlights excessive privileges. » Zero-Impact Deployment – SecureSphere offers multiple, transparent deployment options for easy integration into any environment with no impact on existing applications, databases or files. Imperva White Paper < 6 >
  • 7. The Business Case for Data Security Contrasting Imperva’s Data Security with Alternative ApproachesDatabaseFileWeb To meet security and compliance requirements, organizations may rely on a combination of native logging tools, manual reporting processes, and manual application vulnerability fix and test procedures. The following section investigates various approaches to prevent data breaches and address compliance mandates. Security Information and Event Management To manage the massive amounts of data collected, some organizations have turned to Security Information and Event Management (SIEM) solutions. SIEMs aggregate log data across multiple servers and devices, correlate events to identify anomalies, and streamline compliance reporting. However, SIEMs that rely on native logging for audit data present the following challenges: » Complex configuration of native database and file server logging utilities by DBAs and IT Administrators » No separation of duties as logging policies and audit trails can be manipulated by the users that should be audited » Significant degradation database and file server performance In addition, SIEMs, as cross-product security event aggregators, do not provide in-depth analysis or purpose built reports for database and file activity, and cannot prevent unauthorized access or monitor activity in real-time. Data Governance and Information Management Information Management vendors offer a broad spectrum of solutions for data management and governance. This breadth enables organizations to use one supplier to address multiple data security and data management requirements. However, such an approach often increases the cost, complexity, and duration of data security and compliance projects. Broad-scale, non-specialized information management vendors may turn relatively simple auditing projects into multi-year, company-wide consulting engagements. In addition, while broadening project scope, information management vendors often fall short in terms of addressing all necessary auditing and compliance requirements. For example, an information management vendor may be able to secure database data, but not files nor applications. Organizations should assess their current and future security requirements and determine if such a solution is aligned with project goals and will address monitoring and security objectives within a desired timeframe and budget. Integrated Application Delivery and Security One approach to achieve Web application attack protection is to combine a Web Application Firewall with a load balancer for combined application delivery and security. Such an approach can consolidate multiple functions onto a single hardware platform. However, adding Web application security to existing application delivery controllers (ADCs) can have a number of unexpected consequences, including drastically degrading ADC performance and impacting the stability of mission-critical networking equipment. Most importantly, ADCs only tackle one aspect of data security: application protection. They cannot monitor or protect application data stored in databases, nor can they secure unstructured data in files. Manual Vulnerability Management Most organizations invest considerable effort to ensure that Web applications, databases, and file servers do not contain vulnerabilities. Web developers must allocate time and resources to ensure that applications are written according to secure coding best practices. IT administrators and DBAs must deploy vendor-supplied patches into key applications and databases. Security personnel must test applications and servers for weaknesses and then fix any discovered vulnerabilities. Imperva White Paper < 7 >
  • 8. The Business Case for Data Security However, while an essential aspect of any data security strategy, manual vulnerability patch processes:DatabaseFileWeb » Burden developers and administrators with disruptive fix and test cycles (“fire drills”) » Can expose organizations to attack for weeks or months while vulnerabilities are being fixed Based on extensive research, fixing a single Web application vulnerability takes on average between two to four months.7 With 83% of Websites having had serious vulnerabilities, relying on manual fix and test processes is not sufficient. The length of time to apply database security patches is even longer, often exceeding three months after a patch is released.8 Unfortunately, attackers will not wait for weeks or months to unleash online attacks. Organizations should evaluate solutions that can virtually patch vulnerabilities to eliminate this window of exposure and reduce the costs associated with emergency fix and test cycles. Approaches to Data Security SecureSphere Native Data Governance Application Manual Function Capability Data Security Logging and Information Delivery and Vulnerability Suite and SIEM Management Security Management Security Purpose-Built Platform    End-to-End coverage of all     data assets Proactive Policy Enforcement    Instant Vulnerability    Mitigation Compliance Compliance Automation     Separation of Duties    User Accountability     Deployment Rapid Time-to-Value    No impact on systems and   business processes Imperva White Paper < 8 >
  • 9. The Business Case for Data Security III. Return on Security Investment (ROSI) with Imperva SecureSphere9DatabaseFileWeb The SecureSphere Data Security Suite is designed from the ground up to meet all aspects of security and compliance for business-critical applications and data. SecureSphere provides conclusive cost-savings by offloading operationally-expensive logging from database and file servers and by driving down manual compliance reporting costs. More importantly, SecureSphere offers return on security investment (ROSI) by drastically reducing the risk and impact of a devastating data breach. In order to quantify the cost savings provided by Imperva, we compared the cost of implementing SecureSphere versus the cost of “doing nothing” and the subsequent expenses created by a data breach or manual auditing and reporting processes. The following table shows our assumptions. The number of protected records is an estimate for a medium size company, but this number will vary widely and should be adjusted according to the individual business profile. The average number of records lost in a data breach is extrapolated from results of the Ponemon Institute “2009 Cost of a Data Breach” report. The probability of a data breach is estimated at 5%. Basic Assumptions Value10 Number of Protected Records 100,000 Average Number of Records Lost in a Data Breach 33,088 Probability of a Data Breach 5% Annual Cost of a Full Time DBA or IT Security Administrator (in USD) $110,000 Reducing the Financial Impact of a Data Breach Data breaches are costly, averaging $6.75 million per incident.11 The expenses mount as organizations are forced to investigate breaches to assess affected records, notify customers, and pay legal fees and fines. However, the single highest cost is lost business, accounting for nearly half of the total financial impact of a breach. Statistics show 98% of compromised records originated from servers,12 predominantly Web application, database, and file servers. A dedicated data security solution could lower the cost of a data breach by accurately identifying the scope of the breach or preventing the breach from ever occurring. SecureSphere Database Activity Monitoring and File Activity Monitoring can audit every access to sensitive data and quickly identify the individual records that were compromised. Without this independent and tamper-proof audit trail, organizations often have to assume the worse and notify all potential victims – even if only a fraction of that data was accessed by a perpetrator. An Activity Monitoring solution can drastically reduce the extent of a data breach, by an estimated two thirds. A proactive defense such as a Web Application Firewall, Database Firewall and File Firewall can block attacks, avoiding the breach altogether for almost all application-related breaches. The following table shows the costs of a data breach with and without a data security solution. 9 In our opinion, the only viable alternative approach that fully addresses data security requirements is manual compliance and vulnerability mitigation. The ROSI calculation therefore compares Imperva to a manual approach. 10 These numbers vary between organizations. They represent a typical number for a medium-to-large enterprise. 11 Ponemon Institute, “Cost of a Data Breach,” January 2010 12 Verizon Business, “2010 Data Breach Investigations Report” Imperva White Paper < 9 >
  • 10. The Business Case for Data Security Impact of a Data Breach Due to Web, Database and File Security ThreatsDatabaseFileWeb SecureSphere SecureSphere Without Database and File Web, Database, SecureSphere Activity Monitoring13 File Firewall14 Number of Suspected Compromised Records 33,088 33,088 0 Number of Confirmed Compromised Records Not available 11,029 0 Consulting Services and Investigation Costs $1,350,000 $225,000 0 Notification Costs $742,000 $247,000 0 Legal Costs $1,147,000 $382,000 0 Identity Protection and Other Services $202,000 $67,000 0 Lost Business and Related Costs $3,307,000 $1,102,000 0 Cost of a Data Breach $6,750,000 $2,023,000 0 Vulnerability Remediation Efforts In addition to reducing the likelihood of an expensive data breach, a dedicated data security solution can also cut vulnerability remediation costs. First, Imperva SecureSphere can virtually patch application and database vulnerabilities, thereby eliminating disruptive emergency fix and test cycles. Vulnerabilities can be fixed as part of regular development schedules, which is significantly less expensive than fixing vulnerabilities in production. Second, SecureSphere typically allows organizations to delay minor patch updates until a cumulative patch is available or a new software version is released. This provides organizations considerable cost savings compared to the expense of developing, testing, staging, and implementing software patches. The following table compares the labor costs of remediating Web application and server vulnerabilities for an organization with 10 online applications, 15 Web servers, and 5 database servers. Annual Vulnerability Remediation Labor Costs Without SecureSphere With SecureSphere Emergency Fix and Test of Custom Vulnerabilities $120,000 $0 Custom Vulnerability Fixes in Scheduled Releases $0 $19,200 Operating System Patches $25,000 $12,500 Web Server Patches $25,000 $12,500 Database Server Patches $12,500 $6,250 Total $182,500 $50,450 13 SecureSphere Database and File Activity Monitoring offer auditing but no access control; 14 When SecureSphere is implemented in “Firewall” mode, the risk of a Web, Database or File data breach is immeasurable. While auditing can reduce the impact of a breach by identifying actual compromised records, when SecureSphere is deployed inline, it can proactively prevent attacks from occurring. Imperva White Paper < 10 >
  • 11. The Business Case for Data Security Labor Costs of Auditing and ReportingDatabaseFileWeb While both databases and file servers offer native logging capabilities, managing and maintaining audit log files can be an expensive proposition. Database or IT administrators must determine what activity to audit, create log rules, and then sort through reams of log messages to find materially relevant information for reports. Raw data must be arranged into a presentable format for auditors. Organizations must also develop in-house tools to prevent unauthorized access or manipulation of log data for separation of duties. Native tools only address one aspect of the data security and compliance lifecycle. They cannot locate sensitive data on the network, test databases for vulnerabilities, or patch these vulnerabilities. Organizations that use native audit tools must also account for the costs of manually discovering and classifying sensitive data – two requirements either implied or explicitly spelled out in many compliance regulations. Furthermore, many regulations require that organizations limit user access rights to business need-to-know and remove dormant accounts. For large enterprises, managing database and file access rights for thousands of users can be an overwhelming task, leading many administrators to grant excessive privileges. A dedicated data security solution such as SecureSphere can eliminate manual administrative tasks, automate auditing and compliance reporting, and dramatically improve the overall security posture of the organization. The following table compares the number of full time employees required to meet database and file security compliance requirements, with and without a data security solution. Without SecureSphere With SecureSphere Labor costs for Labor costs for Labor costs for Labor costs for Task initial setup ongoing maintenance initial setup ongoing maintenance Discovery $55,000 $55,000 $11,000 $11,000 Classification and Assessment $55,000 $55,000 $11,000 $11,000 Managing User Rights to $110,000 $110,000 $55,000 $11,000 Databases and Files Enablement of Auditing $27,500 $27,500 $11,000 $1,100 Writing and Maintaining $165,000 $55,000 $11,000 $11,000 Custom Scripts Creating Custom Reports $110,000 $55,000 $27,500 $11,000 Implementation of Workflow $110,000 $55,000 $11,000 $11,000 and Business Processes Total $687,500 $412,500 $137,500 $67,100 Software and Hardware Investment for SecureSphere Versus Native Auditing In addition to comparing the labor expenses of security and compliance, businesses must also analyze the hardware and software investment. With SecureSphere, the costs are relatively straight forward: the price of the SecureSphere Data Security Suite, which includes the price of the Web Application Firewall, Database Firewall and File Firewall, plus the MX Management Server. If organizations opt for native logging, then they will need to purchase additional hardware and software licenses to maintain previous performance levels. This is because full logging of all activity can degrade server performance by approximately 30 - 50%. The table below compares the infrastructure costs incurred by using native logging tools versus deploying the SecureSphere Data Security Suite. Imperva White Paper < 11 >
  • 12. The Business Case for Data SecurityDatabaseFileWeb Without SecureSphere With SecureSphere Additional Database and File Server Hardware $50,000.00 $0.00 Additional Database and File Server Software $200,000.00 $0.00 SecureSphere Data Security Suite and $0.00 $73,600.00 MX Management Server Annual Support and Maintenance Fees $40,000.00 $14,720.00 Hardware and Software Administration Costs $20,000.00 $20,000.00 Total $310,000.00 $108,320.00 Total Return on Security Investment Because security and compliance must be addressed holistically, the following table compares the total hardware, software, and management costs of the SecureSphere Data Security Suite to native logging and manual compliance processes. In addition, a Return on Security Investment (ROSI) calculation must factor in the cost and risk of a data security breach. The following table combines the data from the above tables to provide the return on investment of the SecureSphere Data Security Suite versus no dedicated Web application, database, or file security. Without SecureSphere Year 1 Year 2 Year 3 Year 4 Year 5 Vulnerability Remediation Costs $182,500 $182,500 $182,500 $182,500 $182,500 Auditing and Compliance Costs $687,500 $412,500 $412,500 $412,500 $412,500 Hardware and Software Costs $310,000 $60,000 $60,000 $60,000 $60,000 Data Breach Cost = Probability x Impact $337,500 $337,500 $337,500 $337,500 $337,500 Total Cost without SecureSphere $1,517,500 $992,500 $992,500 $992,500 $992,500 SecureSphere Costs and Risk Posture Year 1 Year 2 Year 3 Year 4 Year 5 Vulnerability Remediation Costs $50,450 $50,450 $50,450 $50,450 $50,450 Auditing and Compliance Costs $137,500 $67,100 $67,100 $67,100 $67,100 Hardware and Software Costs $108,320 $34,720 $34,720 $34,720 $34,720 Data Breach Cost = Probability x Impact $112,500 $112,500 $112,500 $112,500 $112,500 Total Costs with SecureSphere $408,770 $264,770 $264,770 $264,770 $264,770 Cost Savings with SecureSphere $4,019,650 ROSI with SecureSphere 274% Investment Based Discount Rate 10% NPV (Net Present Value) $3,654,227 The total infrastructure, labor, and data breach costs of the SecureSphere Data Security Suite over five years totaled $1.47 million, compared to $5.49 million for native logging, manual compliance processes and no proactive Web, database or file security protection. Note that the projected data breach cost savings for SecureSphere were conservative, assuming only the cost savings associated with monitoring traffic and pinpointing individual breached records. With 98% of breached records originating from servers, the SecureSphere Data Security Suite, with an integrated Web Application Firewall, should be able to prevent most data breaches from ever occurring. Imperva White Paper < 12 >
  • 13. White Paper Summary With the growing threats to applications and data, from large-scale, automated Web attacks to insider malfeasance, proactive data security has become mandatory. Besides protecting critical assets, a host of regulations have spurred the need to audit activity and streamline compliance processes. Unfortunately existing security solutions cannot effectively stop data security attacks or address security and compliance concerns holistically. A dedicated Data Security solution like Imperva SecureSphere not only satisfies today’s security and compliance requirements, it also offers a return on investment of 274% compared to not using a data security solution at all. When compared to alternative solutions, Imperva SecureSphere is the only sensible and effective choice to secure sensitive applications and data. With SecureSphere, organizations can: » Protect applications, databases, and files from internal and external threats » Lower the cost of auditing while implementing separation of duties » Automate compliance reporting » Virtually patch application and database vulnerabilities With its indisputable value, it is not surprising that Imperva has become the market leader for Web, database, and file monitoring and protection. Trusted by thousands of leading organizations around the world, Imperva SecureSphere is the practical, cost-effective solution for Data Security. About Imperva Imperva is the global leader in data security. Our customers include leading enterprises, government organizations, and managed service providers who rely on Imperva to prevent sensitive data theft by hackers and insiders. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring for databases, Web applications and file systems. To learn more about Imperva’s solution visit http://www.imperva.com. Imperva Headquarters 3400 Bridge Parkway, Suite 200 Redwood Shores, CA 94065 Tel: +1-650-345-9000 Fax: +1-650-345-9004 Toll Free (U.S. only): +1-866-926-4678 www.imperva.com © Copyright 2010, Imperva All rights reserved. Imperva, SecureSphere, and "Protecting the Data That Drives Business" are registered trademarks of Imperva. All other brand or product names are trademarks or registered trademarks of their respective holders. #WP-BC-DATA-SECURITY-1010rev1

×