It has also named a new director of the data security division, and is beginning to form the strategy behind its new Strategic Data Management initiative.

The latest release, DSAuditor 3.6, is an incremental upgrade, adding the ability to parse activity-impacting stored procedures, reference data, specific database commands, and bind variables. It’s the first new release in the former Ambeo product line, which is now the data security pillar of Embarcadero’s strategic data management strategy.

(For those with long memories, Ambeo began life as Pine Cone Systems, a data warehousing management tools vendor that for a time associated with guru Bill Inman.)

DSAuditor complements Embarcadero’s existing product families serving data modeling and database administration.

As part of the new focus on data security, the company has recruited Gregory Davoll, formerly of NetIQ, to head the new initiative. According to Davoll, the obvious initial focus is responding to the need for better compliance reporting.

With auditing tools tracking what happens to data, it is an obvious place to look when complying with mandates such as Sarbanes-Oxley, which governs the reliability of corporate financial data, and other measures such as Gram-Leach-Bliley or HIPAA, which focus on data privacy.

Many of our prospects are looking at this product not just for compliance, said Davoll. They also want change management. They want to know what changes happened to what data, and whether the changes were managed or unmanaged.

Davoll explained that the need for packaging reporting capabilities is because those reports are difficult for data auditors to create or manage by hand.

Consequently, the first real sign of what Embarcadero will do with its recent Ambeo acquisition will come when it releases version 4.0 of DSAudit, probably in Q3, where it will focus on reporting and segregation of duties covering the stewardship of data.

Admittedly, a major challenge facing Embarcadero is raising awareness that data stewardship has a lifecycle, not unlike that of software development. In both cases, it involves getting different audiences to focus, not only on their narrowly delineated responsibilities, but where their roles fit into the overall scheme.

For instance, with application life cycle management, designers and architects had to get on the same page with business analysts, software developers, testers, and operations. For what Embarcadero terms strategic data management, it would require a similar shared consciousness among data architects, DBAs, IT security, audit and compliance, and business analysts.

At the sales and marketing level, it requires Embarcadero to develop a message and strategy that will ring true with professional constituencies that until now have had little to do with each other. If the experiences in the application life cycle are any indication, it faces an uphill fight.

According to Davoll, compliance has driven Embarcadero customers to address data security. He adds that emergence of best practices frameworks like COBiT are driving vendors like embarcadero to add the necessary technology.

So where does data security go and who delivers it? In some areas, it’s an open and shut case. Data encryption is being supplied by database vendors for data at rest (sitting inside a database). When it is being backed up, that may be the domain of backup and recovery vendors.

But if you have multiple databases from different vendors, and you want to know if the right data is being designed and protected in the right way, that’s where Embarcadero wants to play.

As to the data lifecycle, Davoll sees potential synergies in providing links at the process level, such as enabling data modelers or architects to tag or document data that is especially sensitive. For instance, they could indicate that social security numbers of health records be marked off limits, providing prompts to data auditors down the line to direct their attention at specific columns or tables.

Consequently, while building a unified framework to chart the management of data over its life cycle might prove overkill, adding a few well-placed process links might provide the 80% solution, Davoll said.