Security Inside Out

Thank you everyone who joined us yesterday for our “Oracle Database Security for Security Administrators” webcast with Rich Mogull hosted Network World. If you missed it, you can catch the replay the on-demand version and join us for the next one in the series, “Information Security for Database Administrators” on February 5, 2009 – I will post registration info as soon as it’s available.

During the webcast we ran some polls and I know everyone is curious about the results so here they are.

Note the first question was actually asked as “What group(s) in your organization is responsible for database security? (Check all that apply)” but unfortunately the console only allowed selecting one option so we had folks vote on which group was primarily responsible. Not surprisingly about 50% selected Database and about 30% selected the Security Group. We saw very similar results in the 2008 IOUG Data Security Report which was in large part what motivated me to talk to Rich about doing this series on database security for security administrators information security for database administrators. That said, I’m really curious about that 8.8% Other. If you were one of the folks that voted for Other, please post on the blog and let us know what group in your organization is responsible for database security??

It was also encouraging to see close to 50% are doing some database encryption. Again this number is consistent with other surveys I’ve seen recently and has been slowly creeping up over the years. But the fact that less than 15% are encrypting all the databases containing sensitive information says we still have a long way to go. And the fact that over 65% are still not encrypting all backups and exports says we can expect those data breach rates to keep climbing in 2009. Sigh. Looks like a bunch of you felt too guilty to even respond to that question so I’m guessing there were actually even more of you out there not encrypting your backups and exports. As one of the hundreds of millions of people who’s personally identifiable information was exposed due to a lost backup tape, I personally implore you to start encrypting your backups and exports today!

You can download our free Oracle Advanced Security Resource Kit to help you get started. Oracle Advanced Security is a complete database encryption solution you can use to encrypt data at rest within the database, data in transit between your applications and the database, as well as all your exports and backups. The encryption/decryption happens transparently within the database kernel so there are no changes to your applications required. As one of our customers put it in an Oracle Magazine on article database security a few months ago, “Oracle product has truly lived up to its name—it is truly transparent data encryption.”

If you want to learn more about Oracle Advanced Security (and Oracle Data Masking for protecting data in non-production environments), you can also register for our free live seminar on January 8.