Tuesday Jan 13, 2015

34% of Organizations Say Data Breach “Somewhat likely” to “Inevitable” in 2015

According to the latest Independent Oracle Users Group (IOUG) Enterprise Data Security Survey, one third of organizations say that a data breach is "somewhat likely" to "inevitable" in the next 12 months, up from 20% in 2008. Are organizations coming to the realization that data breaches will happen? 

2014 IOUG Data Security Survey Likelihood of a Data Breach

Each year, the IOUG surveys a wide range of database security and IT professionals responsible for security, and examines the current state of enterprise data security. They summarize the 2014 findings of 353 data managers and professionals in order to help educate organizations about data security.

The likelihood of a data breach has grown over the years since they first began asking this question, and is similar to other surveys of this ilk. According to the Ponemon 2014 Cost of a Data Breach Study, we see as much as 30% probability.

According to another Ponemon study "Data Breach: The Cloud Multiplier Effect," those surveyed estimate that every one percent increase in the use of cloud services will result in a 3 percent higher probability of a data breach.

When looking at history, survey respondents of the IOUG report say that they often have no idea whether a breach has occurred--or worse--is occurring:

"We cannot be certain there has been no silent breach. There is no evidence we have detected a breach or corruption. But picturing yourself as highly unlikely to be breached we feel is like wearing a ‘kick-me’ sign on your backside."

2014 IOUG Data Security Survey Known Data Breaches

To learn more, download the 2014 IOUG Data Security Survey Report here

Wednesday Nov 12, 2014

Oracle Security Webcast Series for UK Customers

Over the next four Thursdays, beginning November 20th through December 11th, our UK team will be addressing security 

Preventive Controls to Avoid Next Data Breach, Nov 20, 2014. 11:00 AM - 11:45 AM (GMT)

Learn how preventive controls can increase your defense arsenal against the evolving threats to databases. Data breaches not only expose your customers' and employees' private data, but also diminish your reputation and impact the bottom line. Oracle Security specialists will demonstrate the latest database security capabilities which enable you to adopt a defense-in-depth strategy to mitigate risks and protect the data at source – the database.

Detective Controls for Compliance & Auditing, Nov 27, 2014, 11:00 AM - 11:45 AM (GMT)

Learn how you can enforce the “trust but verify” principle by consolidating audit and event sources from the Oracle and non-Oracle components of your infrastructure, offering integrated, real-time security analytics. Find out how Oracle detective controls can offer a first line of defense against SQL injection attacks, as well as a simplified compliance reporting platform, for audit data analysis, within a centralized, secure warehouse.

Identity Governance for Extended Enterprise, Dec 4, 2014, 11:00 AM - 11:45 AM (GMT)

As organizations deploy an ever-increasing number of cloud, mobile, and enterprise applications, identifying and managing user access can be a challenge, especially when departmental application deployments are outside the view of corporate IT. Join us for this live webcast to learn how Oracle’s Identity governance solution reduces risks and costs while providing fast access to new services through an intuitive user self-service solution.

Strategies for Mobile Application Security, Dec 11, 2014, 11:00 AM - 11:45 AM (GMT)

Enterprise mobility and the Internet of Things are both new IT endpoints that require melding device and user identities for security reasons. Join us for this live webcast to learn how identity management platform benefits are enabling customers to move deployments to the next level of sophistication, as the mobile security market consolidates.

Monday Nov 10, 2014

Encrypting, Redacting and Masking at Epsilon

Epsilon Uses Oracle Advanced Security and Data Masking and Subsetting

“With Transparent Data Encryption, the key rotation process is really much simpler for us…attesting to the audit team is much easier.”

Hear Keith Wilcox discuss how Epsilon addresses its customers’ sensitive application data requirements in production and development databases using Oracle Advanced Security and Oracle Data Masking and Subsetting.

Challenges

  • Varying requirements across retail, financial, and more
  • Difficulty demonstrating compliance with custom solution
  • Sensitive data showing within customer’s application 
  • Data encryption key rotation 

Why Epsilon Chose Oracle

  • Flexible solution to meet multiple customer requirements
  • Attesting to audit team is more credible using Oracle
  • Provides standard “secure package” for future deployments
  • A lot of great Oracle information available on the internet

Notable Quote:

“We started using data redaction with the one particular client, for PII data, but we really look forward to rolling that out to other [customers], such as our financial clients. We’ll be adding it to our standard ‘secure package’ that we use across the enterprise.”

Friday Oct 17, 2014

Why Infinity Insurance Chose Oracle Advanced Security and Database Vault

I had an opportunity to sit down with Cathy Robinson, Database Administrator at Infinity Property and Casualty Corporation, while at Oracle OpenWorld 2014. Infinity Insurance is a public insurance company that deals with high risk maturities, mostly auto insurance, and provides products through a network of approximately 12,500 independent agencies and brokers. Cathy told me how they use Oracle Advanced Security for encryption and Oracle Database Vault for database privileged user controls.

Cathy has an interesting background with the Department of Defense and joined Infinity with a great understanding of what is required to lock down data and secure an IT environment. As I interviewed Cathy, I learned that the main overall issues they face include:

  • Protecting sensitive personally identifiable information (i.e., payment card, social security numbers)
  • Educating employees on the importance of securing this data
  • Securing older applications where changing software code is prohibitive

So they have been able to implement Oracle Advanced Security to address these security requirements without having to make any application changes. Additionally, there has been "no performance degradation whatsoever." To further put in place a defense-in-depth database security strategy, Infinity is also implementing Oracle Database Vault for separation of duties and least privilege.

When I asked why they chose Oracle, Cathy responded with the following:

  • One vendor instead of multiple point solution vendors
  • Deep integration with Oracle Databases
  • Oracle security expertise, which included a database security assessment

Click here to listen to the interview.

Tuesday Oct 14, 2014

ISACA Webcast: Data-Centric Audit and Protection, Reducing Risk and Improving the Security Posture

A security strategy must begin with protecting the databases that hold the majority of sensitive and regulated data. Unfortunately, organizations do not have such a plan in place. They fail to protect their sensitive customer and organizational data. Join Oracle security expert, Roxana Bradescu, as she outlines a data-centric audit and protection strategy to help reduce organizational risk and improve the security posture. During this webcast you will learn:

  • What to audit and how to audit
  • Secure data infrastructure practices
  • How to prevent disclosures and leaks
  • And much more. 

Friday Sep 12, 2014

New KuppingerCole Report on Audit Vault and Database Firewall

KuppingerCole analyst Rob Newby recently (August 2014) put together an executive review of the award-winning Oracle Audit Vault and Database Firewall that you can pick up here for a fee. The paper (4 pages on AVDF, 7 total) goes into a description of the solution and how it works from both the Audit Vault, and Database Firewall perspectives. It further covers reporting and alerting, as well as integration with other Oracle products, summarizing with strengths and challenges.

Happy weekend reading.

Wednesday Sep 10, 2014

SANS Webcast: Simplifying Data Encryption and Redaction Without Touching the Code

SANS Analyst and Instructor and well known security expert, Dave Shackleford, will be doing a review of Oracle Advanced Security on September 16, 12:00 p.m. ET/ 3:00 p.m. ET

Register now for the webcast "Simplifying Data Encryption and Redaction Without Touching the Code" 

The need for organizations to protect sensitive information has never been more paramount. The risks of data breaches and sensitive data exposures are driving organizations to look for solutions, as an increasing amount of data is being stored and processed outside the perimeter, in cloud applications and service environments. Organizations must protect this sensitive data at its heart, in the databases. In this webcast, we discuss a recent review by SANS Analyst and Instructor Dave Shackleford of Oracle Advanced Security for Oracle Database 12c and its encryption and redaction capabilities.

Register for the webcast and be among the first to receive an advance copy of a SANS whitepaper discussing the Analyst Program's review of Oracle Advanced Security.

Tuesday Sep 02, 2014

Oracle Audit Vault and Database Firewall Wins Reader's Choice Award for Best Database Security Solution

Thank you to all those who voted in the Database Trends and Applications Reader's Choice Awards, 2014, and for voting Oracle Audit Vault and Database Firewall the best database security solution on the market.

"Unlike any other awards programs conducted by DBTA, this one is special because the nominees are submitted and the winners are chosen by the experts—whose opinions carry more weight than all others—you, the readers. With more than 22,000 votes cast across 31 categories, the contest between candidates was often neck and neck. As a result, we are showcasing both winners and finalists in each category."

Oracle wins in a number of categories including:

  1. Best Relational Database: Oracle Database
  2. Best Cloud Database: Oracle Database 12c
  3. Best Database Appliance: Oracle Exadata
  4. Best Database Administration Solution: Oracle Enterprise Manager
  5. Best Database Performance Solution: Oracle Enterprise Manager
  6. Best Database Backup Solution: Oracle Database Backup Logging Recovery Appliance
  7. Best Data Replication Solution: Oracle GoldenGate 12c
  8. Best Change Data Capture Solution: Oracle CDC
  9. Best Data Virtualization Solution: Oracle Database 12c Multitenant
  10. Best Cloud Integration Solution: Oracle Cloud Integration
  11. Best Streaming Data Solution: Oracle Streams
  12. Best Data Mining Solution: Oracle Advanced Analytics

Wednesday Aug 27, 2014

Oracle Key Vault Interview with Vipin Samar, Vice President of Oracle Database Security

I had an opportunity to discuss Oracle Key Vault with Oracle's vice president of database security, Vipin Samar. Vipin talks about the challenges facing security professionals and database administrators as they try to manage encryption keys and other secrets, such as SSL certificates and Java keystores, across the enterprise. Watch the video below and learn how Oracle Key Vault, a new centralized key manager, secures, shares, and manages keys and secrets for the enterprise.

Learn more about Oracle Key Vault by watching the launch webcast.

Tuesday Aug 26, 2014

August Edition of Oracle's Security Inside Out Newsletter

Get the Oracle Information InDepth - Security Inside Out Newsletter

Read the latest edition of Oracle Security news in this month's bi-monthly Security Inside Out Newsletter that features both database security and identity management news, webcasts, events, training and more. Subscribe here to have your own copy emailed to you. 

New Product Launch: Secure and Centralize Key Management with Oracle Key Vault

In August 2014, Oracle launched Oracle Key Vault, a central key management platform that enables efficient and secure deployment of encryption across the enterprise. Get details on the new release. 

Security at Oracle OpenWorld 2014: Don't-Miss Sessions and More

High-profile breaches, combined with increasing regulatory complexity, are driving unprecedented investment in security. Organizers of Oracle OpenWorld expect security-related activities to draw even higher attendance than last year. Find out what key sessions Oracle’s security team recommends you add to your agenda. 

Friday Aug 08, 2014

Focus on Database Security at Oracle OpenWorld, 2014

Data security threats and regulatory compliance are the new "death" and "taxes" that we can all be certain of. Security is a hot topic across all organizations, whether you have 100 or 100,000 employees. Organizations are scrambling to mitigate threats and comply with regulatory requirements. Oracle OpenWorld is the place for customers to hear about the latest advances in data security, meet with security experts, and learn the next steps to help secure the sensitive data they hold.

With Oracle OpenWorld, 2014 about 2 months away, we've compiled the database security sessions, hands on labs, and more, that are critical for database administrators, security experts and executives to attend. As an example of just some of the talks this year:

Oracle Database 12c: Defense-in-Depth Security [CON8194]

Attend this session to quickly get up to speed on the powerful preventive and detective controls available in Oracle Database 12c. It provides an overview of security capabilities in Oracle Database 12c and is ideally suited for those who are new to security or want to quickly get up to speed on protecting the data stored in their mission-critical databases. The presentation drills down particularly into the new Oracle Database 12c unified and conditional auditing facility. Learn how to create audit policies with conditional clauses, enabling highly selective and effective auditing. See a demonstration of a conditional audit policy based on a connection from a database link and a connection using proxy authentication.

Introducing Oracle Key Vault: Centralized Keys, Wallets, and Java Keystores [CON8189]

Attend this technical session to learn how the new Oracle Key Vault helps organizations accelerate encryption initiatives by addressing proliferating wallets, managing them centrally. See demonstrations of how to set up, configure, and administer Oracle Key Vault for centralized key management for OSs, databases, and middleware. Get best practices for using Oracle Key Vault, a security-hardened software appliance, with existing key storage files such as Oracle wallets and Java Keystores. Learn about optimizations for Oracle Database 11g and Oracle Database 12c, where Oracle Key Vault directly connects to Oracle Advanced Security transparent data encryption (TDE).

Oracle Database Security Strategy and Best Practices: Customer Case Study Panel [CON8192]

Oracle Database security solutions are transparent and easy to deploy and offer comprehensive data protection in a rapidly evolving threat landscape. In this session, you will hear from Oracle customers that have successfully deployed transparent data encryption, data masking, database firewalls, and database auditing and monitoring to protect their data and address regulatory compliance requirements. You will hear why they did it, how they did it, and the lessons learned. This is a highly interactive session—you will have an opportunity to pose questions to the panel and get real-world tips and best practices from your peers.

Plus much more... 

Register for OracleOpenWorld

Register now and get the focus on database security document here to begin planning. Please note that the agenda is subject to change and will be filled out with session dates/times and room locations as we get closer to OpenWorld, Sept 28-Oct 2, 2014 in San Francisco. And a tip: read the Securing Oracle Database 12c ebook to get prepared; we look forward to seeing you there!

Thursday Aug 07, 2014

Introducing Oracle Key Vault for Centralized Key Management

Oracle Customers Secure Critical Encryption Keys with Oracle Key Vault

Centrally Manage Oracle Database Encryption Master Keys, Oracle Wallets, Java KeyStores and Other Credential Files

Encryption is widely recognized as the gold standard for protecting data privacy, but encryption is only as strong as its key management. Critical credential files such as Oracle Wallets, Java KeyStores, SSH key files and SSL certificate files are often widely distributed across servers and server clusters with error-prone synchronization and backup mechanisms.

To address the need for robust key management, Oracle today introduced Oracle Key Vault, a software appliance designed to securely manage encryption keys and credential files in the enterprise data center.

Read the press release and register for the webcast to learn how Oracle Key Vault:
  • Centralizes Keys in a modern, secure, and robust key management platform
  • Secures, shares, and manages keys and secrets for the enterprise
  • Manages key lifecycle stages including creation, rotation, and expiration

Learn more: Oracle Key Vault enables customers to quickly deploy encryption and other security solutions.

Webcast: August 21, 2014
10:00 a.m. PT/1:00 a.m. ET

Monday Aug 04, 2014

Securing Data in the New Digital Economy Webcast

2014 has already witnessed some of the largest data breaches on record. As the black market for stolen data becomes increasingly organized, the supply chain for information is providing an efficient means to monetize a vast array of stolen information. At the same time, our legal economy is becoming more hyper-connected, providing more digital services and making companies more vulnerable to attacks. In this session we will explore the security requirements for information in the new digital economy and, with the vast amount of case information from breach investigations, distill a security strategy to reduce risk.

Register to hear the recorded webcast. 

Thursday Jul 17, 2014

What's the Difference Between Oracle Transparent Data Encryption, Data Masking and Data Redaction?

Oracle database security solutions provide three means of making data at rest unreadable. We sometimes get questions about their differences.

Oracle Advanced Security 

Transparent Data Encryption (TDE), a capability of Oracle Advanced Security, encrypts data within the Oracle Database on disk. It is transparent to applications and users and requires no changes to existing applications. TDE is available as a part of the Oracle Database, so if you have Oracle, you have Oracle Advanced Security and would simply require a license to activate it.

When would you use TDE? 

TDE stops would-be attackers from bypassing the database and reading sensitive information from storage by enforcing data-at-rest encryption in the database layer. Applications and users authenticated to the database continue to have access to application data transparently (no application code or configuration changes are required), while OS users attempting to read sensitive data from tablespace files and thieves attempting to read information from acquired disks or backups are denied access to the clear text data.

Data Redaction, also a capability of Oracle Advanced Security, provides selective, on-the-fly redaction of sensitive data in SQL query results prior to display by applications so that unauthorized users cannot view the sensitive data. It enables consistent redaction of database columns across application modules accessing the same database information. Data Redaction minimizes changes to applications because it does not alter actual data in internal database buffers, caches, or storage, and it preserves the original data type and formatting when transformed data is returned to the application. 

When would you use data redaction? 

Existing applications often return sensitive data, including date of birth, social security numbers, and more, to call center and support staff employees, or even customers. Traditionally, organizations would have to access and change application source code in order to redact sensitive data. This can be error-prone, laborious, and performance-heavy. Data redaction mitigates this risk and helps organizations meet compliance requirements, such as PCI DSS, by masking displayed data within applications.

Learn more about transparent data encryption and data redaction. 

Oracle Data Masking and Subsetting

Data Masking enables sensitive information such as credit card or social security numbers to be replaced with realistic values, allowing production data to be safely used for development, testing, or sharing with out-sourcing partners or off-shore teams for other nonproduction purposes.

When would you use data masking?  

Data masking is used for nonproduction environments for quality assurance, testing, and development purposes. Many organizations inadvertently breach information when they routinely copy sensitive and regulated production data into nonproduction environments. Data in nonproduction environments, which can be lost or stolen, has increasingly become the target of cyber criminals. Data masking helps organizations reduce this risk and meet compliance requirements.

Learn more about data masking. 
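
The difference between redaction and masking described above, as a small Python model added here for illustration. It is not Oracle code and uses no Oracle API; the rows, user names, key and function names are all constructed for the example.

```python
import hashlib
import hmac
import re

SSN_FORMAT = re.compile(r"^\d{3}-\d{2}-\d{4}$")

# Constructed sample rows standing in for a production table.
PRODUCTION = [
    {"id": 1, "name": "A. Example", "ssn": "123-45-6789"},
    {"id": 2, "name": "B. Sample", "ssn": "987-65-4321"},
]


def redact_ssn(ssn):
    """Partial redaction: hide the first five digits, keep type and format."""
    return "XXX-XX-" + ssn[-4:]


def query(rows, session_user, authorized_users):
    """Redaction happens on the result set at query time.

    The stored rows are never modified, so authorized sessions still see
    the real values while everyone else sees the redacted form.
    """
    if session_user in authorized_users:
        return [dict(r) for r in rows]
    return [{**r, "ssn": redact_ssn(r["ssn"])} for r in rows]


def mask_ssn(ssn, key):
    """Masking: replace the value with a realistic but different one.

    Keyed and deterministic, so the same input masks to the same output in
    every table of the copy (joins keep working). The key must never be
    shipped to the nonproduction environment.
    """
    counter = 0
    while True:
        msg = f"{counter}:{ssn}".encode()
        digest = hmac.new(key, msg, hashlib.sha256).digest()
        digits = f"{int.from_bytes(digest[:8], 'big') % 10**9:09d}"
        masked = f"{digits[:3]}-{digits[3:5]}-{digits[5:]}"
        if masked != ssn:  # edge case: never hand back the original value
            return masked
        counter += 1


def mask_copy(rows, key):
    """Build the nonproduction copy; real values do not exist in it at all."""
    return [{**r, "ssn": mask_ssn(r["ssn"], key)} for r in rows]


if __name__ == "__main__":
    print(query(PRODUCTION, "support_agent", {"billing_app"}))
    print(mask_copy(PRODUCTION, b"constructed-demo-key"))
```

Redaction leaves the real value in storage and only changes what an unauthorized session is shown, which is why it suits production applications; masking produces a copy in which the real value is gone, which is why it suits development and test.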
