Tuesday, May 23, 2006
Reverse Industry Analysis: Database Security
I have been known to rant about the industry analyst community, but I think I have landed on something that enterprise architects should pay attention to. Many folks in the community are aware that I have been working passionately on an industry-wide specification (I wonder if this counts as a form of open source) that addresses a problem space I have labelled as data masking.
The problem is that many databases lack the protection mechanisms needed to secure personally identifiable information. My specification formalizes SQL grammar for this problem, along with many recommendations for putting encryption functionality within database engines.
So far, I have managed to catch the attention of twenty enterprise architect peers (and would love to see this number grow) with the specification. I have also shared it with Dan Blum of the Burton Group and Michael Cote of Redmonk.
My original thought in sharing was to solicit feedback, but it has now morphed into figuring out how to get acceleration and amplification of this specification. I would love to not only influence the research calendar of these organizations but actually tell them in explicit detail what they should be writing about. It doesn't stop there. I wonder, if I wrote my own research, could I pay an analyst firm to force distribute it to their client base? This would meet my needs nicely.
Anyway, if you are curious about better ways to protect enterprise data, please leave a comment with your work email address. IBM has committed to implementing the specification in the next release of DB2. The vendor that has the lead on it, though, is a vendor that in and of itself deserves more industry analyst coverage. Check out Ants, as they have a value proposition that really needs to be paid attention to.
Microsoft is also considering implementation of this specification. I had a wonderful conversation with one of the SQL Server program managers in Redmond last night and they quickly understood the value proposition.
The funny thing is that the laggards in terms of implementation will be many of the players in the open source community, including MySQL, Postgres and Ingres. Maybe enterprises should consider database security over simply having the ability to have cheap databases. After all, isn't protecting customer data the top priority?