Visa Wraps Up Database Security in Time for the Holidays

The world's largest credit card issuer teams up with AppSec to secure its databases.

Database security vendor Application Security Inc. has entered a two-year partnership with Visa International to ensure that the worlds largest credit card issuer is on the cutting edge of protecting its databases, the two firms announced this week.

The partnership is geared to providing Visa, which is by far the worlds largest credit card brand, protection for customers personal information and the credit card numbers of the 1.3 billion cards the company now has in circulation.

Application Securitys flagship product is AppDetective, a network-based vulnerability assessment scanner for databases. It also sells AppRadar, a real-time database intrusion detection and auditing tool, and DbEncrypt, a tool for column-level encryption of production databases.

According to Ted Julian, vice president of marketing for the New York security tools firm, the timing is ripe, as online retailers head into a season of what is expected to be the biggest volume of sales ever. "One thing that goes along with [e-retail during the holiday season] are security concerns and people concerned with buying things online," he said. "In that context, Visa has an important opinion or role to play. They have a unique perspective on the holiday season and on protecting customer information."

Indeed, according to a recent report from Forrester Research Inc., online holiday sales will hit $13.2 billion this year—a 20 percent increase over last year.

Unfortunately, the flip side of the rising use of credit cards online is the spiraling incidence of thieves snatching credit card numbers, Social Security numbers and other personal data. This was dramatically demonstrated on Friday, when a Newark, N.J., federal grand jury indicted 19 people in the United States and abroad who were connected to a Web site that investigators said was one of the largest centers for online trafficking in stolen identity information and credit cards.

According to Gartner Inc., some 75 percent of cyber attacks are now occurring at the application level—as opposed to the perimeter—where firewalls reside. That means that databases are now a primary target. "At the end of the day, all the transactions, all the credit card numbers, sit in the database," Julian said.

Cyber criminals have shifted their attention to the application level because they target the weakest link, according to Sarah Perry, senior vice president in charge of strategic ventures with Visa, in San Francisco. As enterprises have focused on securing the perimeter, the next weakest link in the chain has become the database.

"As solutions evolve, the perimeter is protected, and … it becomes more difficult to crack that," she said. "What has been largely unprotected, or ineffectively protected, is the area that becomes the next most vulnerable area, which is that which resides within the company, and the data sitting within the databases."

Next Page: Most enterprises still neglect database security.