Don't Wait To Lock Down DB2

By Ericka Chickowski
DarkReading
Special to Dark Reading
Jan 08, 2010

As pundits ponder how IBM will leverage its acquisition of database security vendor Guardium to add more security features and functionalities to its in-house DB2 databases, now is the time for organizations to re-examine their DB2 security strategies. But many haven't even tapped the security features they already have available in DB2.

Many organizations don't take advantage of the existing capabilities that DB2 provides for locking down access to information, IBM executives say. Among DB2's extant security controls, some of the most powerful features that organizations often leave untouched -- to their detriment
-- revolve around access control. These include two biggies: utilities label-based access control (LBAC) and trusted context.

LBAC, which is designed to offer fine-grained access control, lets DB2 administrators extend controls over data that reach far beyond the simple masking of rows or columns. Administrators can use LBAC to control table objects by attaching security labels to them. Users who try to access these objects must have the corresponding security label granted to them in order to view that data.

"I think that's one of the newer areas where, in my experience with clients, they haven't leveraged a lot of it yet," says Jim Lee, director of product management and strategy for IBM's Information Management division. "I think LBAC is not commonly used today."