We just got IBM Guradium at our enterprise and me and my colleagues are still learning about it, one of the requirements we got was to classifying a table in the DB with more than one classification. For example a table can have a column where it contains sensitive data like (credit card info) and one where it contains the (name), how can we secure the access on the first column ? the other has to be secured of course but not as highly secured like the (credit card info). is it related to groups or a policy might solve this ? I would appreciate the help if you can.

Thank you

Could you elaborate what would you like to achieve when you use a "secure the access" phrase? Blocking?

You can include many classification rules in the classification process.

We just got IBM Guradium at our enterprise and me and my colleagues are still learning about it, one of the requirements we got was to classifying a table in the DB with more than one classification. For example a table can have a column where it contains sensitive data like (credit card info) and one where it contains the (name), how can we secure the access on the first column ? the other has to be secured of course but not as highly secured like the (credit card info). is it related to groups or a policy might solve this ? I would appreciate the help if you can.

Thank you

Maybe i didn't explian it properly, what i mean is can a specific column in a table be classified only and not the whole table ? 

Could you elaborate what would you like to achieve when you use a "secure the access" phrase? Blocking?

You can include many classification rules in the classification process.

We just got IBM Guradium at our enterprise and me and my colleagues are still learning about it, one of the requirements we got was to classifying a table in the DB with more than one classification. For example a table can have a column where it contains sensitive data like (credit card info) and one where it contains the (name), how can we secure the access on the first column ? the other has to be secured of course but not as highly secured like the (credit card info). is it related to groups or a policy might solve this ? I would appreciate the help if you can.

Thank you

We just got IBM Guradium at our enterprise and me and my colleagues are still learning about it, one of the requirements we got was to classifying a table in the DB with more than one classification. For example a table can have a column where it contains sensitive data like (credit card info) and one where it contains the (name), how can we secure the access on the first column ? the other has to be secured of course but not as highly secured like the (credit card info). is it related to groups or a policy might solve this ? I would appreciate the help if you can.

Thank you

Sami,
It really depends on what you want to do with it.  
At the column level, you can report on it, mask it.
At the object level, it becomes easier to decide if you wan to act on it, block, real-time alert from Guardium database activity monitoring, create a ticket for investigation.
So classification helps to make Guardium monitoring more meaningful by monitoring the relevant objects/data. 
So it really comes down to what the action will be if someone selects, changes, or deletes the relevant data.

We just got IBM Guradium at our enterprise and me and my colleagues are still learning about it, one of the requirements we got was to classifying a table in the DB with more than one classification. For example a table can have a column where it contains sensitive data like (credit card info) and one where it contains the (name), how can we secure the access on the first column ? the other has to be secured of course but not as highly secured like the (credit card info). is it related to groups or a policy might solve this ? I would appreciate the help if you can.

Thank you

Sami,

The classification portion of Guardium will include the table and column.

When you say "secure" access, then you are getting down to the policy level.  Guardium does allow object and field and object/field groups you can define. I have a test case myself where one column is highly sensitive and can be in many tables across the enterprise. So I created an object/field based Guardium rule. 

So at the policy level, you can use groups of fields to secure the access.  There are some restrictions by database platform. But typically if you can use Data Classification, then that platform can likely perform the appropriate action in the policy.

Jennifer

------------------------------
Jennifer Dodson
Security Technical Professional
Global Sales, Financial Services
1 469 502 8850 Mobile
jennifer.dodson@ibm.com

IBM

Original Message:
Sent: Tue May 30, 2023 08:55 AM
From: Jennifer Dodson
Subject: Classifying a table with multiple classification

Sami,
It really depends on what you want to do with it.  
At the column level, you can report on it, mask it.
At the object level, it becomes easier to decide if you wan to act on it, block, real-time alert from Guardium database activity monitoring, create a ticket for investigation.
So classification helps to make Guardium monitoring more meaningful by monitoring the relevant objects/data. 
So it really comes down to what the action will be if someone selects, changes, or deletes the relevant data.

------------------------------
Jennifer Dodson

Original Message:
Sent: Fri May 26, 2023 03:20 PM
From: Sami Ali
Subject: Classifying a table with multiple classification

We just got IBM Guradium at our enterprise and me and my colleagues are still learning about it, one of the requirements we got was to classifying a table in the DB with more than one classification. For example a table can have a column where it contains sensitive data like (credit card info) and one where it contains the (name), how can we secure the access on the first column ? the other has to be secured of course but not as highly secured like the (credit card info). is it related to groups or a policy might solve this ? I would appreciate the help if you can.

Thank you

------------------------------
Sami Ali
------------------------------