By roxana.bradescu on September 18, 2008 11:02 PM
At last count, we had 82 sessions covering security at this year’s Oracle Open World starting on Sunday September 21. This is a record but not surprising when you consider that Oracle offers the virtual machine, the operating system, the database, the middleware, and the applications needed to run pretty much any kind of enterprise, from grocery store chains to entire governments. And everything in that stack needs to be secured - really drives home defense-in-depth. Database Security is really the lynchpin of that defense-in-depth since most organizations store all their mission critical data in their databases. So whether you are a DBA, an HR Manager, an IT Apps Developer, or a Compliance Officer, I encourage you to go to some database security sessions and stop by the Database Security demo grounds in Moscone South.
If you want to catch up with me personally (to perhaps complain about my blogging lapses ;-) I will be on the panel at the “IOUG Security Roundtable” Sunday September 21 at 1pm (Moscone West Rm 2003) and moderating the “Applications Data Privacy: An Expert Panel Discussion” session Wednesday September 24, 11.30am (Moscone West, Rm 2001). I am very excited to be moderating this session - we have an amazing panel and we’re going to be discussing data masking and de-identification.
Oh and if you want to take a break from security, there’s always Michael Phelps!
By roxana.bradescu on September 19, 2008 4:54 PM
Yesterday the IOUG announced the results of the survey conducted in August. The report is entitled “Enterprise Data Insecurity: Are Organizations Prepared for the Threat From Within?” and you can download it here. The key findings were pretty troubling:
One out of five respondents expects a data breach or incident over the coming year. Only one out of four said all databases are locked down against attacks.
Organizations see the greatest risks from internal access, either by unauthorized users, or by "super users" such as administrators with access privileges.
Most organizations do not have mechanisms in place to prevent database administrators and other privileged database users from reading or tampering with sensitive information in financial, HR, or other business applications. Most are unable to even detect such breaches or incidents.
Sending out data to outside parties is now a common practice.
One out of four sites covered in this survey do not encrypt data within their databases, and close to one out of five are not even sure whether this encryption takes place.
Two out of five organizations employ actual production data within non-production environments, thereby exposing this information in unsecured settings.
There is growing awareness of potential risks. Most organizations monitor their databases for changes that may be indicators of malicious activity.
I won't say more for now and let everyone take a look at the report and digest. I will be blogging more on various aspects of the report over the next few weeks. And if you haven't already tried our enterprise data security self-assessment tool, give it a try. We don't track any of the results so it's really just a way to learn more about what you can be doing to protect your databases and comply with regulatory requirements.
By roxana.bradescu on September 24, 2008 7:18 AM
Don't feel left out if you didn't make it to Oracle Open World this year. We have two web seminars on database security coming up. The first one is next week on Thursday October 2 at 11am PT / 2pm ET. We will be discussing protecting data privacy in production and non-production environments. If you want to better understand the difference between data encryption and masking, and get more information on Oracle Advanced Security and Oracle Data Masking, then you don't want to miss this. This will be a live event and we will leave plenty of time for Q&A at the end. These events are free but attendance is limited so you will want to register and reserve your spot quickly. Click here for your invitation.