Tuesday Apr 19, 2016

Wanted: Outstanding Oracle Security Experts to Speak @OpenWorld 2016

We want you to speak at OpenWorld 2016

The Oracle OpenWorld 2016 call for proposals is now open. Attendees at the conference are eager to hear from experts on Oracle security and technology. They're looking for insights and improvements they can put to use in their own jobs: exciting innovations, strategies to modernize their business, different or easier ways to implement, unique use cases, lessons learned, the best of best practices.

Oracle OpenWorld in San Francisco

If you've got something special to share with other Oracle Identity Management and Database Security users and technologists, they want to hear from you, and so do we.

Submit your proposal now for this opportunity to present at Oracle OpenWorld, the most important Oracle technology and business conference of the year.

Tuesday Apr 05, 2016

New Paper Explains Oracle Public Cloud Security

Security: Top Priority 

Security is a top priority for Oracle Cloud solutions. Oracle’s vision is to create the most secure and trusted public cloud infrastructure and platform services for enterprises and government organizations. Oracle’s mission is to build secure public cloud infrastructure and platform services where there is greater trust - where Oracle customers have effective and manageable security to run their workloads with more confidence, and build scalable and trusted secure cloud solutions.

A new whitepaper, titled Oracle Infrastructure and Platform Cloud Services Security, explains Oracle's cloud security philosophy, including the shared cloud security model that we have with our customers.

The paper focuses on shared and service-specific security capabilities of the following services:

  • Oracle Compute Cloud Service
  • Oracle Storage Cloud Service
  • Oracle Network Cloud Service
  • Oracle Java Cloud Service
  • Oracle Database Cloud Service – Enterprise Edition

For a comprehensive list of the available Oracle Cloud services, go to https://www.oracle.com/cloud.

Cloud Security Capabilities

When we talk to customers, they tell us they want the following security capabilities. The paper is therefore organized to explain how we address:

  • Control: Security mechanisms to control who can access data and under which conditions
  • Auditing: Ability to audit resources to maintain their security configuration
  • Visibility: Logs providing visibility into accounts and resources
  • Assurance: Ability to independently verify how data is being stored, accessed, and protected against unauthorized access and modification
  • Security: Services that are designed, coded, tested, deployed, and managed securely
  • Out-of-the-box integration with existing Oracle technologies: Seamless integration with existing Oracle solutions such as identity and access management 

Fully Committed to Cloud

The protection of customer data is a primary design consideration for all of Oracle’s public cloud infrastructure and services. Oracle Cloud was developed to offer secure infrastructure and platform services that are used by Oracle customers to run their mission-critical enterprise workloads and store their data. Oracle believes that it has the right security philosophy, strategy, proven expertise, and resources to protect customer data and enable customers to build secure and private cloud solutions. Oracle is fully committed to continuing to invest in security capabilities to create the most secure public cloud infrastructure and trusted cloud services. These capabilities enable Oracle customers to have effective and manageable security, to run their workloads with more confidence, and to build trusted hybrid cloud solutions. 

Download the new whitepaper here.

Wednesday Mar 23, 2016

Oracle Magazine Highlights "Security at Every Level"

Oracle’s security focus and strategy protect the enterprise with a secure technology portfolio and identity management, database, and silicon security solutions.

Oracle’s earliest customers included the US Central Intelligence Agency and the Department of Defense, organizations focused intensely on security. In more than 30 years in the enterprise software business, Oracle has refined a security strategy that starts with an engineering culture rooted in secure development practices and support processes; provides security controls throughout the Oracle enterprise technology stack; and delivers on-premises and cloud security solutions.

Read the rest of the article here to learn how Oracle ensures trust, builds security into our stack, and delivers security in silicon with the new SPARC M7 chipset.

Tuesday Mar 01, 2016

Securing Oracle Public Clouds

There is an incredible transformation we are all experiencing with cloud computing. The cloud truly is changing everything. It’s changing how businesses run and people work; it’s creating new categories, disrupting existing categories, and it’s changing how we communicate and share. It’s changing the economics of business forever.  It’s happening at a speed no one ever imagined and it means a new way of thinking for security practitioners.


Transformation

When we look at the enterprise, we see that on every level, there are transformations that are encouraging a fluidity of boundaries.

The Extended Enterprise is about the always-on expectation from users, about a corporate environment that is no longer limited to the four walls of the enterprise.  Essentially, the Internet has become the corporate network; a coffee shop has become the corporate office. Work is no longer a place…it’s wherever you get inspiration.


Within that corporate network, applications that used to be selected, deployed and maintained by IT are increasingly giving way to applications that employees introduce into the network themselves.  Often this is to increase productivity, or solve a problem that can’t be addressed by existing tools.  For example, when files get too large for emailing, users may be tempted to use unsanctioned software as a service like Dropbox, or YouSendIt/Hightail in order to distribute information. This can cause challenges with internal IT teams that are enforcing corporate processes designed to lock down sensitive corporate data and keep it from showing up on shadow IT sites where they have no control.

The growing use of social collaboration and sharing regardless of location; the rising adoption of cloud computing; the proliferation of mobile devices; these are creating a fundamental shift within the enterprise that is breaking down the traditional four walls that have constrained IT to the corporate network and private WAN.  This raises the question, “Where did the perimeter go?”


The Perimeter has Evolved

We’re moving fast and it’s difficult to run a business with the expectation that we can prevent perimeter network penetration. The perimeter has evolved and we must assume the perimeter will be breached and deploy solutions that protect our assets, starting with the most valuable. Now, enterprises face a boundless future where the four walls of the enterprise are fluid.  They extend to the cloud. And follow users from network to network, device to device. These need to be addressed within the context of rapid evolution in the threat landscape. This heightened risk comes at a time when users are increasingly leaving the safety of the corporate network, yet are still trying to access corporate assets – now from anywhere in the world as we embrace mobile and cloud. 

In fact, according to a CSO MarketPulse survey, the allocation of resources is not appropriately aligned with the most vulnerable areas of attack.

Sixty-seven percent of the 200+ CSOs indicated they are allocating most of their resources to the network layer, and only 15% were allocating most of their resources to the database layer. And yet, when asked what IT layers were most vulnerable to an attack, more than half (52%) said their databases.

Let me be clear, I am not saying that securing the perimeter is a bad idea.  However, we need to augment where we’re placing our resources—now more than ever. The challenge is that for most enterprises, the network has become so large--encompassing multiple countries across the globe, outsourced data centers, and cloud computing--that it is harder and harder to secure the traditional perimeter from attack.

This is even more important when we consider how to secure on premises and cloud based assets in a boundless world. It’s how you secure everything from your perimeters to your networks to your software and even your hardware. To help businesses achieve that, we will need to change.


Turning Security from an Inhibitor to an Enabler of Cloud

How many of you believe security is actually an inhibitor to Cloud adoption? In Oracle's eleven critical cloud predictions to take into 2016, Oracle CIO Mark Sunday says, “Today, the #1 reason organizations are not moving to the cloud is security. However, tomorrow, security will be one of the most important drivers to move to the cloud.”

The article goes on to explain, "A survey by Harvard Business Review Analytic Services (sponsored by Oracle) found that 62 percent of respondents thought security issues were by far the biggest barriers to expanding cloud adoption at their companies. Nearly half said data security is harder in the cloud.

But those very same concerns will soon drive organizations to the cloud. Established cloud vendors with a solid security track record have the expertise and resources to deploy layers of defense that many companies can’t hope to duplicate in-house."


So, How Do We Do It?

Oracle secures every layer of both on premises and the cloud. By owning best in class SaaS, PaaS, and IaaS, our goal is to protect each and every aspect of your on premises, private, and public cloud environments.

[Disclaimer: Not all technologies identified here are available for all Oracle Cloud Services.]

Building a secure cloud starts with the underlying infrastructure: a secure cloud must be built on a foundation that is securely designed and developed from the outset.

Oracle starts with layers of defense. This is how we’ve built our solutions to work together and be more secure through seamless integration and layers of security. Then we add a comprehensive set of security controls across these solutions in order to protect the entire environment, from physical to logical security controls.

These include preventive controls that keep bad guys from getting to the data and, if they do get to it, render it useless to them. They also include detective security controls that detect suspicious activity in progress and can raise an alert; this is what I like to call our forensics capabilities. Finally, they include the administrative processes and procedures we follow to build security into our cloud environment. Let's look at both of these in more detail: Security and Control.


Layered Security Defense

When looking at security, it’s important to provide layered security, also known as defense-in-depth, because no one control can mitigate all threats. Oracle is working to provide multiple layers of security in our cloud. So, whether on premise or cloud, these are the requirements for a secure IT environment.

[Disclaimer: Not all technologies identified here are available for all Oracle Cloud Services.]

First, you want to integrate security into the foundation of the software, from the underlying silicon and the firmware that is built into the silicon to the operating systems and applications.

Let’s start with the Silicon layer and work our way up to the applications layer:

Silicon

Ultimately, security should be enabled at multiple layers and pushed down the stack as far as you can go. For example, security at the database layer is preferable to security at the application layer. When you encrypt data in the database, all applications that are connected to that database gain the encryption capability. Otherwise, you would have to code encryption into each of those applications, which would take a long time and is error prone. If you push security down into the silicon layer, then the software that is built on that silicon inherits that security. You need to be able to secure data in memory from corruption and attack through unauthorized access or buffer over-runs, because if someone can control your systems at the chip layer, then they can potentially own all the software that sits on top.

Infrastructure

At the infrastructure layer, Oracle provides storage and will soon be offering elastic compute so that our customers can run any workload in the cloud. For our storage service, we provide backup of your sensitive data and can encrypt it all for you.
When our elastic compute service is ready, organizations will enable unrestricted, and yet secure communications between selected VMs. By creating dynamic firewalls, also known as security lists, and adding your VMs to that list, the VMs can communicate with each other in the same list over any protocol and port. This is a secure way to communicate between known virtual machines. By default, the VMs in a security list are isolated from hosts outside the security list.
At any time, to block access— permanently or temporarily—to all VMs in a security list, delete or disable the relevant security rules. To block access to specific VMs rather than to the entire security list, remove those VMs from the security list. What you ultimately get is the ability to have fine grained network access control over your compute environment.
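
The security-list behaviour described above, as a small Python model added here for illustration; it is not Oracle's API or code from the original post. The class names, the rule fields and the "any" source keyword are assumptions made for the example.

```python
from dataclasses import dataclass, field


@dataclass
class SecurityRule:
    """Admits one protocol/port from a source into every VM of a security list."""
    name: str
    source: str       # an outside host name, or "any" (constructed convention)
    dest_list: str    # the security list the rule opens up
    protocol: str
    port: int
    enabled: bool = True


@dataclass
class Firewall:
    lists: dict = field(default_factory=dict)   # list name -> set of VM names
    rules: list = field(default_factory=list)

    def add_vm(self, list_name, vm):
        self.lists.setdefault(list_name, set()).add(vm)

    def remove_vm(self, list_name, vm):
        self.lists.get(list_name, set()).discard(vm)

    def lists_of(self, host):
        return {name for name, members in self.lists.items() if host in members}

    def is_allowed(self, src, dst, protocol, port):
        dst_lists = self.lists_of(dst)
        # 1. VMs sharing a security list talk over any protocol and port.
        if self.lists_of(src) & dst_lists:
            return True
        # 2. Anything else needs an enabled rule that targets one of dst's lists.
        for rule in self.rules:
            if (rule.enabled and rule.dest_list in dst_lists
                    and rule.source in (src, "any")
                    and rule.protocol == protocol and rule.port == port):
                return True
        # 3. Default: VMs in a list are isolated from hosts outside it.
        return False


def scenario():
    """Walk through the cases in the text with constructed VM and host names."""
    fw = Firewall()
    fw.add_vm("web-tier", "web1")
    fw.add_vm("web-tier", "web2")
    https = SecurityRule("allow-https", "any", "web-tier", "tcp", 443)
    fw.rules.append(https)

    out = {}
    out["peer_any_port"] = fw.is_allowed("web1", "web2", "udp", 5000)
    out["outside_ssh"] = fw.is_allowed("laptop", "web1", "tcp", 22)
    out["outside_https"] = fw.is_allowed("laptop", "web1", "tcp", 443)

    # Disabling the rule blocks outside access to every VM in the list,
    # while traffic between list members is unaffected.
    https.enabled = False
    out["rule_disabled_web1"] = fw.is_allowed("laptop", "web1", "tcp", 443)
    out["rule_disabled_web2"] = fw.is_allowed("laptop", "web2", "tcp", 443)
    out["peers_unaffected"] = fw.is_allowed("web2", "web1", "tcp", 8080)
    https.enabled = True

    # Removing one VM from the list blocks only that VM; it also loses
    # the any-port path to its former peers.
    fw.remove_vm("web-tier", "web2")
    out["removed_vm_https"] = fw.is_allowed("laptop", "web2", "tcp", 443)
    out["remaining_vm_https"] = fw.is_allowed("laptop", "web1", "tcp", 443)
    out["removed_vm_peer"] = fw.is_allowed("web1", "web2", "tcp", 8080)
    return out


if __name__ == "__main__":
    for check, allowed in scenario().items():
        print(f"{check:20} {'ALLOW' if allowed else 'DENY'}")
```
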

Database

At the database layer, Oracle Database as a Service includes tightly integrated Oracle Advanced Security with transparent data encryption to secure data at rest on disk and on database backups. Our same on premise data encryption technology is built into our database as a service and is transparent to users and applications because the encryption takes place at the kernel layer.

This extends up into the application layer, so that when applications make calls to the database, we can redact, or remove, sensitive data from the application layer on the fly, so that unauthorized users are unable to see sensitive data. This data redaction is part of our Advanced Security solution and, again, is built into the kernel, which avoids tampering methods and provides better security.

In order to prevent privileged users (ours in the cloud or yours on premise) from gaining unfettered access across the entire database, Oracle Database Vault can restrict credentials to a least privilege state, so that administrators can only perform the tasks necessary to do their jobs, and no more. For example, they may be able to administer backups, but not necessarily be able to read or write into that database.

Middleware

Throughout many of our Oracle cloud services (Fusion Apps, PaaS, and IaaS) when a user registers, the account and credential information is stored in Oracle Internet Directory. When a user wants to authenticate and gain access to several services, the single sign-on is handled by Oracle Access Manager. When a user account is disabled, it can be disabled across multiple services. Each of these capabilities is enabled by Oracle Identity Management, and we’ve been providing these services for some time now.

Oracle has put a great deal of effort into developing powerful, robust security mechanisms within its products and within our cloud, and we want to make sure that customers are fully leveraging these security features.

Applications

Finally, at the top of our stack you want to provide Single Sign-On across multiple applications because the fewer user names and passwords you manage, the better. Oracle provides integrated access controls that are dependent on your role. And I mentioned the ability to remove or redact sensitive data from applications by way of the database kernel; application developers do not have to do complete development rewrites in the application code in order to redact data. Instead, DBAs can implement redaction policies within the database and cover multiple applications.

From the chip level up, we have thought through layered security defenses built into the cloud. This strategy is not dependent on a single security tactic or approach. It provides multiple layers of protection.


Comprehensive Security Controls for the Cloud

From physical security in and around our datacenters, to applying security controls at the application, network, and logical access layers, you can see why Oracle can provide as good as, or dare I say better security, than you can obtain on premise.

As we drill down into each layer you can see security is baked into both physical and logical access.

For physical access, we have multiple security zones that our IT staff must pass through in order to gain clearance throughout the datacenter, including a reception desk, access cards, biometrics in the way of keypads or retina scanners. All of this is under video surveillance, plus more.

We carry this practice of defense in depth to the logical access layer. We mandate encryption on all staff computers, implement personal firewalls, two-factor authentication, and layers of role based privilege access controls. This helps mitigate stolen username and password threat vectors. All of this is managed by Oracle Identity Management, the same suite that many of you use to gain access to corporate systems.

And for detective security controls, we apply forensics – looking for security vulnerabilities.  We monitor access and conduct monthly reviews.  And the layers of defense continue; we also deploy security controls using vendors that we do not directly compete with in order to cover the gaps where Oracle doesn’t play.

Security is no longer a reason to not move to the cloud, but in fact a reason to move to the cloud. Security is an enabler: Just as Oracle helps reduce costs associated with system deployments, maintenance and tuning, it is even more difficult to find qualified staff to secure your environments. Oracle has the resources and knowledge to secure your deployments in the Oracle Cloud.


Securing the Hybrid Cloud

Security has also enabled a choice of how you deploy, as well as a transition from on premise to the cloud.

You see, now you can maintain existing on premises deployments and connect to your public cloud. This provides comprehensive security for a hybrid deployment. This also provides flexibility and choice because we’ve integrated many of our technologies.

Security is an enabler: You now have a common set of security controls that address regulatory compliance requirements, a common set of security policies that extend across on premise and cloud, and multiple security layers that are integrated and built in from the infrastructure up.

To learn more about how Oracle Secures the Public Cloud, please read Oracle Cloud Enterprise Hosting and Delivery Policies.

Tuesday Feb 16, 2016

Larry Ellison, New Rules of Thumb for Next-Generation Data Security

In his keynote address at Oracle OpenWorld 2015, Oracle Executive Chairman and Chief Technology Officer Larry Ellison highlighted the urgent need for advanced next-generation data security technologies—and outlined two new rules of thumb for data security in the age of megabreaches. 

Recent breaches extend far beyond the theft of data from tens of millions of retail and banking customers. Even the US Office of Personnel Management has lost highly sensitive data relating to over 20 million federal employees—all the way up to White House staff. 

"Organizations are losing a lot of these cyberbattles," said Ellison. "Our industry needs to rethink how we deliver technology, especially as vast amounts of data are moved to the cloud."

Read more of this article and Oracle's perspective.

Thursday Feb 04, 2016

ISACA Webcast on Cloud Security Prediction, Feb 11, 2016

Please join me February 11, 2016 for the ISACA webcast, Prediction: Security Moves from Barrier to Main Benefit of Cloud Adoption where I will discuss some of the cloud security challenges facing organizations. I will also discuss how cloud vendors should be implementing security controls for their public clouds so that organizations have more confidence putting their sensitive systems and data there. And you'll receive a CPE for joining me.

Here's the abstract:

In a recent cloud predictions article, Oracle CIO Mark Sunday predicts, “Today, the #1 reason organizations are not moving to the cloud is security. However, tomorrow, security will be one of the most important drivers to move to the cloud.” A survey by Harvard Business Review Analytic Services (sponsored by Oracle) found that 62 percent of respondents thought security issues were by far the biggest barriers to expanding cloud adoption at their companies. But those very same concerns will soon drive organizations to the cloud. Join this Oracle and ISACA webcast to learn how established cloud vendors with a solid security track record have the expertise and resources to deploy layers of defense that many companies can’t hope to duplicate in-house.

I hope to see you there.  

Wednesday Jan 13, 2016

Oracle at RSA Conference 2016

Announcing Oracle at RSA Conference 2016 – Where the World Talks Security!

Moscone Center, San Francisco
February 29 – March 4 

 

Fueled by a $288B black market for information, we are in the midst of a data breach epidemic; spending on technology has failed to reduce the risk. Effective modern security to mitigate a data breach requires an inside-out approach with a focus on data and internal controls. 

Join Oracle at RSA Conference 2016 February 29 – March 4, and glean insight into helping your organization build an inside-out security strategy.

Oracle Speaking Session (PDAC-FO3)

Friday, March 4, 2016 | 11:20 AM – 12:10 PM | West | Room 2005

Encryption without Enterprise Key Management – It’s Like Icing without Cake, Saikat Saha, Sr. Principal Product Manager, Oracle 

Deploying encryption systems without effective key management will not deliver on the promise of data security. Whilst the exciting part is the encryption technologies, loss of the keys will compromise any solution. In this session we’ll explore the value provided by the standardization of key management protocols as well as the critical part of a security solution it plays.

Meet the Experts

Visit the Oracle Security Solution Showcase (Booth #4704) to meet our security experts and see live product demonstrations. 

  • Monday, Feb 29th – 5 – 7 p.m. (Welcome reception)
  • Tuesday, Mar 1st – 10 a.m. – 6 p.m.
  • Wednesday, Mar 2nd – 10 a.m. – 6 p.m.
  • Thursday, Mar 3rd – 10 a.m. – 3 p.m.

 

Register for a complimentary Exhibit Hall Pass using code XEORACLE16 (deadline Friday, February 26th) 

Thursday Jan 07, 2016

Cloud Prediction #2: Security as an Enabler

Check out Oracle's eleven critical predictions as we head into 2016 and you'll find security will move from a barrier to cloud adoption to one of its main benefits.

“Today, the #1 reason organizations are not moving to the cloud is security. However, tomorrow, security will be one of the most important drivers to move to the cloud,” said Oracle CIO Mark Sunday. 

Security should be an enabler for organizations to move to the cloud. A company like Oracle has both the logical and physical security resources and knowledge that many organizations cannot match. Oracle's cloud is a very secure cloud that provides our customers trust that their applications run securely so they can focus on innovation.  

Brakes on a car enable you to go faster. Without brakes, you must go slowly and you can’t drive down hills. It’s very limiting. The cloud is a business enabler and security must be necessary and sufficient so that organizations can move fast as well as safe. 

“Cloud vendors like Oracle that have a comprehensive and integrated defense of layered security controls are what can turn security from an inhibitor to an enabler of enterprise cloud deployments,” Sunday concludes.

Read his prediction and the ten others here.  

Thursday Sep 24, 2015

Encryption is the Easy Part; Managing those Keys is Difficult

Security threats and increased regulation of personally identifiable information, payment card data, healthcare records, and other sensitive information have expanded the use of encryption in the data center and cloud. As a result, management of encryption keys, certificates, wallets, and other secrets has become a vital part of an organization’s ecosystem, impacting both security and business continuity. Join this ISACA and Oracle webcast as we examine the challenges with encryption, on premise and in cloud, and how key management best practices can help facilitate the secure deployment of encryption across the enterprise. Challenges we’ll address include:
  • Managing encryption keys, Oracle Wallets, Java Keystores and Credential files across the enterprise
  • Securely sharing keys across authorized endpoints
  • Auditing key access controls and key lifecycle changes
  • Detailed management reports

ISACA Members Earn Free CPE

Special Guest

Note, we'll have special guest Saikat Saha, who has specialized in the area of data encryption and key management. Saikat currently works as a product manager in the Oracle Database security team. He also serves as co-chair of the OASIS KMIP (Key Management Interoperability Protocol) industry standard technical committee. He has launched multiple successful security products in the market related to data encryption, application encryption and key management over the last decade. Saikat holds a B.E. from National Institute of Technology, Durgapur, India and an MBA from Leavey School of Business, Santa Clara University.

When and Where?

Date:  Thursday, 8 October 2015
Time:  12PM (EDT) / 11AM (CDT) / 9:00 (PDT)

Register Now

Friday Sep 11, 2015

Secure the Crown Jewels

What's the secret to being the longest running Monarch in British history? I'd like to think keeping your crown jewels safe; they symbolize the power and continuity of the monarchy. However, as with anything that represents worth, or power, there will always be attempts to steal it.

In 1671, Colonel Thomas Blood attempted to steal the crown jewels from inside the Tower of London. Just like we have cyber criminals stealing privileged users' credentials in order to fly under the radar and steal from our governments and corporations, so did Mr. Blood. Over a period of time, he gained the trust--and eventually access to the jewels--from the Master of the Jewel House, Talbot Edwards. Blood and his fellow criminals then managed to subdue Edwards and steal the Crown Jewels, but only for a short time. Blood was ultimately caught and interestingly awarded for his crime.


The new Crown Jewels are organization and government data. This data represents information that organized criminals can sell on the black market, or intellectual property that espionage hackers can use for political or monetary advantage, or worse, blackmail and secrets that political hacktivists can expose. Unfortunately, unlike the case of Blood's attempt on the Crown Jewels, many of these cyber criminals are never caught because they weave an intricate and hidden path to the data, and exfiltrate it without being caught.

Data breaches continue to make headlines, and they are not just about stolen credit card information anymore. Data breaches are now targeting different industries and different types of information. What’s going on, and what can organizations do to protect their corporate data?

Oracle Magazine sat down with Vipin Samar, vice president of Oracle Database security, to talk about the latest data breaches, how data breach threats are evolving, and how to work with the wide variety of data that needs protection in the enterprise.

Read more here

Thursday Sep 10, 2015

Database Security at OpenWorld, 2015 -- Security is Hot!

Cybersecurity is Hot! In fact, so is the weather here in California at this moment. I write this in sweltering 95 degree temperatures and wonder if October--coincidentally National Cyber Security Awareness month--will be as hot outside San Francisco's Moscone Halls (and surrounding buildings) as it will be inside. Join me at Oracle OpenWorld, October 25-27th to find out. 

We are very excited to offer our customers over 77 talks on security, including our latest database security innovations.

Plan your days accordingly to attend these hot database security focused sessions. 

 Monday, Oct 26

  • What’s New in Oracle Database Security [CON6819]
  • Oracle Audit Vault and Database Firewall—Detect Breaches and Prevent Attacks [CON8668]
  • Data Protection in an Oracle E-Business Suite Situation? Oracle Label Security Is the Answer [CON2075]

Tuesday, Oct 27

  • Oracle Database Maximum Security Architecture—Protecting Critical Data Assets [CON8803]
  • Mask and Subset Sensitive Data for Test/Dev Databases On Premises or in the Cloud [CON8625]
  • Database Security: Preventing and Detecting Privileged User Attacks [HOL10437]

Wednesday, Oct 28

  • Oracle Database Vault for Pluggable Databases [CON1922]
  • Encrypting Oracle E-Business Suite 12.1 on Oracle Exadata Using TDE Functionality [CON2975]
  • Oracle Database Vault—Shrinking the Attack Surface for Your Application [CON8624]
  • Oracle Advanced Security—Enterprise-Grade Encryption for Your Sensitive Data [CON8563]
  • Minimize Security Risks by Masking and Subsetting Sensitive Data in Test and Developmen [HOL10507]

Thursday, Oct 29

  • Minimize Security Risks by Masking and Subsetting Sensitive Data in Test and Developmen [HOL10507]
  • Managing Advanced Security Database Encryption Keys with Oracle Key Vault [CON8562]
  • Oracle Database Security Customer Panel: Strategies and Best Practices [CON8655]

Get the details here with our focus on Database Security. And you can focus on all Security as well.  

Thursday Aug 27, 2015

Ready to meet privacy, security issues that come with Big Data?

Securing the Big Data Life Cycle

Managing big data involves more than dealing with storage and retrieval challenges – it requires addressing a variety of privacy and security issues as well. If you fail to secure the life cycle of your big data environment, you can face regulatory consequences, and worse, significant brand damage that data breaches can cause.

Download the resources to learn about the top threats to Big Data environments, including:
  • Unauthorized access
  • Data provenance
  • Do-it-yourself Hadoop
Read the joint MIT and Oracle resources and learn the security controls to protect the big data life cycle:

  • White Paper: Securing the Big Data Life Cycle
  • Video: Securing the Big Data Life Cycle
  • Infographic: Securing the Big Data Life Cycle

  • Bigger Data, Bigger Responsibility
  • Diversity of Big Data Sources Creates Big Security Challenges
  • Big Data, Big Security: Defense in Depth

Related Assets from Oracle:

Monday Aug 24, 2015

Watch the Security Learning Streams

I wanted to call everyone's attention to the latest Oracle Learning streams for database security. 

Oracle's product management team has put together these three 13- to 25-minute clips in order to help our customers understand the value and benefits of a few of our database security solutions. Check them out:

Wednesday Jul 29, 2015

Security Inside Out Newsletter, July Edition is Out

The July edition of the Security Inside Out newsletter is now available. Sign up here for the Security Inside Out newsletter where we highlight key Oracle Security news and provide information on the latest webcasts, events, training and more.

This month in the news:

Inoculating the Cloud

Another day, another data breach. From the recent cyber attack on the Internal Revenue Service to news of a security bug called VENOM, it seems as if frequent cybersecurity incidents represent the new normal. What new methods can your security group deploy to augment traditional perimeter defenses? The key is to focus on your most valuable asset—data—and build a security strategy that protects data at its source. 

Now Available! Oracle Identity Management 11g Release 2 PS3

Read about the new business-friendly user interface that simplifies the tasks associated with provisioning and managing today’s robust, identity-driven environments. Also learn about the expansion of mobile device management capabilities and a consolidated policy management framework that enables simplified provisioning of devices, applications, and access.

Securing Data Where It Matters Most

Putting defense-in-depth database protection in place is the first step to a security inside out data strategy. Even if an organization’s perimeter is breached, organizations can reduce risks by placing security controls around sensitive data, detecting and preventing SQL injection attacks, monitoring database activity, encrypting data at rest and in transit, redacting sensitive application data, and masking nonproduction databases. Read insights from Oracle Vice President of Security and Identity Solutions, Europe, the Middle East, and Africa, Alan Hartwell.

Wednesday Jun 17, 2015

Database Administrators – the Undercover Security Superheroes

Over the past five years, while enterprise IT departments were focusing on the rise of cloud, mobile, and social technologies, a lucrative black market emerged around the acquisition and sale of information. Today, this includes personal data, intellectual property, financial details and almost any form of information with economic value. 

It suffices to say that when it comes to data security, businesses now find themselves under assault like never before, and are in dire need of leadership to help overcome this systemic problem. Step forward the database administrator: the person with the knowledge and power to help secure sensitive data on behalf of the organization and its employees.

Like most free markets, the information black market sets the value of its focal commodity – in this case data – and allows buyers and sellers to connect via a complex underground network. Just as the world is producing more data than at any other point in history, these organized groups are finding new ways of stealing and monetizing this information.

For their part, senior executives are only too painfully aware of what’s at stake for their businesses, but often don’t know how to approach the problem. In an era where information is arguably the most valuable asset a company has, they will look to database professionals to help the business take a stand and prepare itself to best protect this crucial asset.

However, the knowledge gap these individuals will be addressing is large. Two-fifths of businesses admit they are not fully aware of where all the sensitive data in their organizations is kept, according to respondents to a recent Independent Oracle Users Group survey. Those taking proactive measures to lock down data and render it useless to outsiders are still in the minority, and relatively few have any safeguards in place to counter accidental or intentional staff abuse that could lead to a breach. These safeguards should also extend to DBAs themselves, as ultimately everyone in the organization is in a position to commit a data breach, whether inadvertently or intentionally.

[Figure: 40 Percent Unaware of Where Sensitive Data Resides]

That said, together with security professionals, database administrators do have a fighting chance to combat assaults on their organization’s data. Their background gives them a unique understanding of what the risks are to the organization, where to find them and how they can ultimately be addressed or, in the best case, pre-empted.

As the stewards of highly sensitive intellectual property and personal information, database administrators will need to step up and lead the battle against the villains of the black market. As Voltaire once said, “With great power comes great responsibility”, a credo that holds as true for comic book superheroes as it does for the security champions of the enterprise.

If database administrators can bring security concerns front-of-mind for employees across the business, and help drive protective measures at every level of the organization’s IT, they will be well placed to take a stand and fend off the security challenges of the coming years.

Check out the Security Super Hero Infographic here.
