Tuesday Jun 28, 2016

Register now for Oracle University Security Training Subscription

Protecting corporate information and technology assets from intruders, thieves, and vandals is a significant challenge for most enterprises. Historically, investments in security technology were made by individual technology managers and business units in response to the specific threats they faced. 

CIOs are now implementing technologies that can support the centralized management and enforcement of security policies. Now more than ever, training employees to use these security technologies has become paramount. In response, Oracle University has released updated security training so that customers can get educated on the latest Oracle security content, including:

  • Content developed by industry and product engineers and delivered by expert instructors
  • More than 10 courses totaling over 30 days worth of instructor-led training
  • Over a hundred continuous learning and just-in-time training videos
Curriculum focuses on content from the following key areas:
  • Security and Risk Management
  • Asset Security
  • Security Engineering
  • Cyber Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security
  • and so much more....
Also Available: 
  • Quizzes to assess your understanding of key topics
  • Learning paths to guide your career choices 
  • 24/7 availability of offerings
  • Demonstrations

Subscribe to Oracle Security Learning and get prepared to help your organization reduce its overall risk.

Wednesday Mar 23, 2016

Oracle Magazine Highlights "Security at Every Level"

Oracle’s security focus and strategy protect the enterprise with a secure technology portfolio and identity management, database, and silicon security solutions.

Oracle’s earliest customers included the US Central Intelligence Agency and the Department of Defense, organizations focused intensely on security. In more than 30 years in the enterprise software business, Oracle has refined a security strategy that starts with an engineering culture rooted in secure development practices and support processes; provides security controls throughout the Oracle enterprise technology stack; and delivers on-premises and cloud security solutions.

Read the rest of the article here to learn how Oracle ensures trust, builds security into our stack, and delivers security in silicon with the new SPARC M7 chipset.

Tuesday Mar 01, 2016

Securing Oracle Public Clouds

There is an incredible transformation we are all experiencing with cloud computing. The cloud truly is changing everything. It’s changing how businesses run and people work; it’s creating new categories, disrupting existing categories, and it’s changing how we communicate and share. It’s changing the economics of business forever.  It’s happening at a speed no one ever imagined and it means a new way of thinking for security practitioners.


When we look at the enterprise, we see that on every level, there are transformations that are encouraging a fluidity of boundaries.

The Extended Enterprise is about the always-on expectation from users, about a corporate environment that is no longer limited to the four walls of the enterprise.  Essentially, the Internet has become the corporate network; a coffee shop has become the corporate office. Work is no longer a place…it’s wherever you get inspiration.

Within that corporate network, applications that used to be selected, deployed and maintained by IT are increasingly giving way to applications that employees introduce into the network themselves.  Often this is to increase productivity, or solve a problem that can’t be addressed by existing tools.  For example, when files get too large for emailing, users may be tempted to use unsanctioned software as a service like Dropbox, or YouSendIt/Hightail in order to distribute information. This can cause challenges with internal IT teams that are enforcing corporate processes designed to lock down sensitive corporate data and keep it from showing up on shadow IT sites where they have no control.

The growing use of social collaboration and sharing regardless of location; the rising adoption of cloud computing; the proliferation of mobile devices; these are creating a fundamental shift within the enterprise that are breaking down the traditional four walls that have constrained IT to the corporate network and private WAN.  This begs the questions, “where did the perimeter go?"

The Perimeter has Evolved

We’re moving fast and it’s difficult to run a business with the expectation that we can prevent perimeter network penetration. The perimeter has evolved and we must assume the perimeter will be breached and deploy solutions that protect our assets, starting with the most valuable. Now, enterprises face a boundless future where the four walls of the enterprise are fluid.  They extend to the cloud. And follow users from network to network, device to device. These need to be addressed within the context of rapid evolution in the threat landscape. This heightened risk comes at a time when users are increasingly leaving the safety of the corporate network, yet are still trying to access corporate assets – now from anywhere in the world as we embrace mobile and cloud. 

In fact, according to a CSO MarketPulse survey we find that the allocation of resources are not appropriately aligned with the most vulnerable areas of attack.

Sixty-seven percent of the 200+ CSOs indicated they are allocating most of their resources to the network layer, and only 15% were allocating most of their resources to the database layer. And yet, when asked what IT layers were most vulnerable to an attack, more than half (52%) said their databases.

Let me be clear, I am not saying that securing the perimeter is a bad idea.  However, we need to augment where we’re placing our resources—now more than ever. The challenge is that for most enterprises, the network has become so large--encompassing multiple countries across the globe, outsourced data centers, and cloud computing--that it is harder and harder to secure the traditional perimeter from attack.

This is even more important when we consider how to secure on premises and cloud based assets in a boundless world. It’s how you secure everything from your perimeters to your networks to your software and even your hardware. To help businesses achieve that, we will need to change.

Turning Security from an Inhibitor to an Enabler of Cloud

How many of you believe security is actually an inhibitor to Cloud adoption? In Oracle's eleven critical cloud predictions to take into 2016, Oracle CIO Mark Sunday says, “Today, the #1 reason organizations are not moving to the cloud is security. However, tomorrow, security will be one of the most important drivers to move to the cloud.”

The article goes on to explain, "A survey by Harvard Business Review Analytic Services (sponsored by Oracle) found that 62 percent of respondents thought security issues were by far the biggest barriers to expanding cloud adoption at their companies. Nearly half said data security is harder in the cloud.

But those very same concerns will soon drive organizations to the cloud. Established cloud vendors with a solid security track record have the expertise and resources to deploy layers of defense that many companies can’t hope to duplicate in-house."

So, How Do We Do It?

Oracle secures every layer of both on premises and the cloud. By owning best in class SaaS, PaaS, and IaaS, our goal is to protect each and every aspect of your on premises, private, and public cloud environments.

[Disclaimer: Not all technologies identified here are available for all Oracle Cloud Services.]

To build a secure cloud, it starts with the underlying infrastructure—a secure cloud must be built on a foundation that is securely designed and developed from the outset.

Oracle starts with defensive layers of defense. This is how we’ve built our solutions to work together and be more secure through seamless integration and layers of security. Then we add a comprehensive set of security controls across these solutions in order to protect the entire environment, from physical to logical security controls.

These include preventive controls that protect against bad guys getting to the data, and if they do, it would be rendered useless. This includes detective security controls that detect suspicious activity in process and can raise an alert. This is what I like to call our forensics capabilities. Finally, it includes the administrative process and procedures we follow to build security in to our cloud environment. Let's look at both of these in more detail: Security and Control.

Layered Security Defense

When looking at security, it’s important to provide layered security, also known as defense-in-depth, because no one control can mitigate all threats. Oracle is working to provide multiple layers of security in our cloud. So, whether on premise or cloud, these are the requirements for a secure IT environment.

[Disclaimer: Not all technologies identified here are available for all Oracle Cloud Services.]

First, you want to integrate security into the foundation of the software. From the underlying silicon to the firmware that is built into the silicon, to the operating systems and applications.

Let’s start with the Silicon layer and work our way up to the applications layer:


Ultimately, security should be enabled at multiple layers and pushed down the stack as far as you can go. For example, security at the database layer is preferable to security at the application layer. When you encrypt data in the database, all applications that are connected to that database gain the encryption capability. Otherwise, you would have to code encryption into each of those applications, which would take a long time and is error prone. If you push security down into the silicon layer, then the software that is built on that silicon inherits that security. You need to be able to secure data in memory from corruption and attack through unauthorized access or buffer over-runs, because if someone can control your systems at the chip layer, then they can potentially own all the software that sits on top.


At the infrastructure layer, Oracle provides storage and will soon be offering elastic compute so that our customers can run any workload in the cloud. For our storage service, we provide backup of your sensitive data and can encrypt it all for you.
When our elastic compute service is ready, organizations will enable unrestricted, and yet secure communications between selected VMs. By creating dynamic firewalls, also known as security lists, and adding your VMs to that list, the VMs can communicate with each other in the same list over any protocol and port. This is a secure way to communicate between known virtual machines. By default, the VMs in a security list are isolated from hosts outside the security list.
At any time, to block access— permanently or temporarily—to all VMs in a security list, delete or disable the relevant security rules. To block access to specific VMs rather than to the entire security list, remove those VMs from the security list. What you ultimately get is the ability to have fine grained network access control over your compute environment.


At the database layer, Oracle Database as a Service includes tightly integrated Oracle Advanced Security with transparent data encryption to secure data at rest on disk and on database backups. Our same on premise data encryption technology is built into our database as a service and is transparent to users and applications because the encryption takes place at the kernel layer.

This extends up into the application layer, so that when applications make calls to the database, we can redact, or remove sensitive data from the application layer, on the fly, so that unauthorized users are unable to see sensitive data. This data redaction is part of our Advanced Security solution. And again, is built into the kernel, which avoids tampering methods and provides better security.

In order to prevent privileged users (ours in the cloud or yours on premise) from gaining unfettered access across the entire database, Oracle Database Vault can restrict credentials to a least privilege state, so that administrators can only perform the tasks necessary to do their jobs, and no more. So for example, they can maybe administrate backups, but not necessarily be able to read or write into that database.


Throughout many of our Oracle cloud services (Fusion Apps, PaaS, and IaaS) when a user registers, the account and credential information is stored in Oracle Internet Directory. When a user wants to authenticate and gain access to several services, the single sign-on is handled by Oracle Access Manager. When a user account is disabled, it can be disabled across multiple services. Each of these capabilities is enabled by Oracle Identity Management, and we’ve been providing these services for some time now.

Oracle has put a great deal of effort into developing powerful, robust security mechanisms within its products and within our cloud, and we want to make sure that customers are fully leveraging these security features.


Finally, at the top of our stack you want to provide Single Sign-On across multiple applications because the least amount of user names and passwords you manage, the better. Oracle provides integrated access controls that are dependent on your role. And I mentioned the ability to remove or redact sensitive data from applications by way of the database kernel; application developers do not have to do complete development rewrites in the application code in order to redact data. Instead, DBAs can implement redaction policies within the database and cover multiple applications.

From the chip level up, we have thought through layered security defenses built into the cloud. This strategy is not dependent on a single security tactic or approach. It provides multiple layers of protection.

Comprehensive Security Controls for the Cloud

From physical security in and around our datacenters, to applying security controls at the application, network, and logical access layers, you can see why Oracle can provide as good as, or dare I say better security, than you can obtain on premise.

As we drill down into each layer you can see security is baked into both physical and logical access.

For physical access, we have multiple security zones that our IT staff must pass through in order to gain clearance throughout the datacenter, including a reception desk, access cards, biometrics in the way of keypads or retina scanners. All of this is under video surveillance, plus more.

We carry this practice of depth in defense to Logical Access layer. We mandate encryption on all staff computers, implement personal firewalls, two-factor authentication, and layers of role based privilege access controls. This helps mitigate stolen username and password threat vectors. All of this is managed by Oracle Identity Management, the same suite that many of you use to gain access to corporate systems.

And for detective security controls, we apply forensics – looking for security vulnerabilities.  We monitor access and conduct monthly reviews.  And the layers of defense continue; we also deploy security controls using vendors that we do not directly compete with in order to cover the gaps where Oracle doesn’t play.

Security is no longer a reason to not move to the cloud, but in fact a reason to move to the cloud. Security is an enabler: Just as Oracle helps reduce costs associated with system deployments, maintenance and tuning, it’s is even more difficult to find qualified staff to secure your environments. Oracle has the resources and knowledge to secure your deployments in the Oracle Cloud.

Securing the Hybrid Cloud

Security has also enabled you with a choice of how you deploy, as well as a transition from on premise to the cloud.

You see, now you can maintain existing on premises deployments and connect to your public cloud. This provides comprehensive security for a hybrid deployment. This also provides flexibility and choice because we’ve integrated many of our technologies.

Security is an enabler: You now have a common set of security controls that address regulatory compliance requirements, a common set of security policies that extend across on premise and cloud, and multiple security layers that are integrated and built in from the infrastructure up.

To learn more about how Oracle Secures the Public Cloud, please read Oracle Cloud Enterprise Hosting and Delivery Policies.

Tuesday Feb 16, 2016

Larry Ellison, New Rules of Thumb for Next-Generation Data Security

In his keynote address at Oracle OpenWorld 2015, Oracle Executive Chairman and Chief Technology Officer Larry Ellison highlighted the urgent need for advanced next-generation data security technologies—and outlined two new rules of thumb for data security in the age of megabreaches. 

Recent breaches extend far beyond the theft of data from tens of millions of retail and banking customers. Even the US Office of Personnel Management has lost highly sensitive data relating to over 20 million federal employees—all the way up to White House staff. 

"Organizations are losing a lot of these cyberbattles," said Ellison. "Our industry needs to rethink how we deliver technology, especially as vast amounts of data are moved to the cloud."

Read more of this article and Oracle's perspective.

Wednesday Jul 29, 2015

Security Inside Out Newsletter, July Edition is Out

The July edition of the Security Inside newsletter is now available. Sign up here for the Security Inside Out newsletter where we highlight key Oracle Security news and provide information on the latest webcasts, events, training and more. 

This month in the news:

Inoculating the Cloud

Another day, another data breach. From the recent cyber attack on the Internal Revenue Service to news of a security bug called VENOM, it seems as if frequent cybersecurity incidents represent the new normal. What new methods can your security group deploy to augment traditional perimeter defenses? The key is to focus on your most valuable asset—data—and build a security strategy that protects data at its source. 

Now Available! Oracle Identity Management 11g Release 2 PS3

Read about the new business-friendly user interface that simplifies the tasks associated with provisioning and managing today’s robust, identity-driven environments. Also learn about the expansion of mobile device management capabilities and a consolidated policy management framework that enables simplified provisioning of devices, applications, and access.

Securing Data Where It Matters Most

Putting defense in depth database protection in place is the first step to a security inside out data strategy. Even if an organization’s perimeter is breached, organizations can reduce risks by placing security controls around sensitive data, detecting and preventing SQL injection attacks, monitoring database activity, encrypting data at rest and in transit, redacting sensitive application data, and masking nonproduction databases. Read insights from Oracle Vice President of Security and Identity Solutions, Europe, the Middle East, and Africa, Alan Hartwell.

Tuesday May 26, 2015

Security Inside Out Newsletter, May Edition

Get the latest Security Inside Out newsletter and hear about securing the big data life cycle, data security training, and more.

Also, subscribe to get the bi-monthly news in your own inbox . 

Monday Mar 09, 2015

Security and Governance Will Increase Big Data Innovation in 2015

"Let me begin with my vision of the FTC and its role in light of the emergence of big data. I grew up in a beach town in Southern California. To me, the FTC is like the lifeguard on a beach. Like a vigilant lifeguard, the FTC’s job is not to spoil anyone’s fun but to make sure that no one gets hurt. With big data, the FTC’s job is to get out of the way of innovation while making sure that consumer privacy is respected."

- Edith Ramirez, Chairwoman, Federal

Trade Commission Ms. Ramirez highlights the FTC's role in protecting consumers from what she refers to as "indiscriminate data collection" of personal information. Her main concern is that organizations can potentially use this information to ultimately implicate individual privacy. There are many instances highlighting the ability to take what was previously considered anonymous data, only to correlate with other publicly available information in order to increase the ability to implicate individuals.

Finding Out Truthful Data from "Anonymous" Information 

Her concerns are not unfounded; the highly referenced paper Robust De-anonymization of Large Sparse Datasets, illustrates the sensitivity of supposedly anonymous information. The authors were able to identify the publicly available and "anonymous" dataset of 500,000 Netflix subscribers by cross referencing it with the Internet Movie Database. They were able to successfully identify records of users, revealing such sensitive data as the subscribers' political and religious preferences, for example. In a more recent instance of big data security concerns, the public release of a New York taxi cab data set was completely de-anonymized, ultimately unveiling cab driver annual income, and possibly more alarming, the weekly travel habits of their passengers.

Many large firms have found their big data projects shut down by compliance officers concerned about legal or regulatory violations. Chairwoman Hernandez highlights specific cases where the FTC has cracked down on firms they feel have violated customer privacy rights, including the United States vs. Google, Facebook, and Twitter. She feels that big data opens up additional security challenges that must be addressed.

"Companies are putting data together in new ways, comingling data sets that have never been comingled before," says Jeff Pollock, Oracle vice president for product management. "That’s precisely the value of big data environments. But these changes are also leading to interesting new security and compliance concerns."

The possible security and privacy pitfalls of big data center around three fundamental areas:

  • Ubiquitous and indiscriminate collection from a wide range of devices 
  • Unexpected uses of collected data, especially without customer consent 
  • Unintended data breach risks with larger consequences

Organizations will find big data experimentation easier to initiate when the data involved is locked down. They need to be able to address regulatory and privacy concerns by demonstrating compliance. This means extending modern security practices like data masking and redaction to the full big data environment, in addition to the must-haves of access, authorization and auditing.

Securing the big data lifecycle requires:

  • Authentication and authorization of users, applications and databases 
  • Privileged user access and administration 
  • Data encryption of data at rest and in motion 
  • Data redaction and masking for non production environments 
  • Separation of roles and responsibilities 
  • Implementing least privilege 
  • Transport security 
  • API security 
  • Monitoring, auditing, alerting and compliance reporting

With Oracle, organizations can achieve all the benefits that big data has to offer while providing a comprehensive data security approach that ensures the right people, internal and external, get access to the appropriate data at right time and place, within the right channel. The Oracle Big Data solution prevents and safeguards against malicious attacks and protects organizational information assets by securing data in-motion and at-rest. It enables organizations to separate roles and responsibilities and protect sensitive data without compromising privileged user access, such as database administrators. Furthermore, it provides monitoring, auditing and compliance reporting across big data systems as well as traditional data management systems.

Learn more about Oracle Security Solutions.

This article has been re-purposed from the Oracle Big Data blog.  

Tuesday Feb 03, 2015

All Data is Not Equal, Map Security Controls to the Value of Data

As you look at data, you will quickly realize that not all data is equal.   What do I mean by that? Quite simply, some data simply does not require the same security controls as other data.   

When explaining this to customers, we use a metals analogy to simplify the provisioning of controls. Bronze to represent the least sensitive data, up through to Platinum, the highest value and most sensitive data within an organization.

Thinking in this manner provides the ability to refine many configurations into a few pre-configured, pre-approved, reference architectures. Applying this methodology is especially important when it comes to the cloud. It comes down to consistency in applying security controls, based on the data itself.

Oracle’s preventive, detective, and administrative pillars can be applied to the various data categorizations. At this point in the conversation, customers begin to understand more pragmatically how this framework can be used to align security controls with the value, or sensitivity, of the data.

Security practitioners can then work with lines of business to assign the appropriate level of controls, both systematically and consistently across the organization.  

So for example, at the bronze level, items such as application of patches, secure configuration scanning and the most basic auditing would be appropriate. Data deemed more sensitive, such as personally identifiable information, or personal health information, require additional security controls around the application data. This would include, for example, blocking default access by those designated as database administrators.

Then finally, at the highest data sensitivity level--Platinum level--should exhibit blocking database changes during production time frames, preventing SQL injection attacks and centralized enterprise-wide reporting and alerting for compliance and audit requirements.  

To learn more about Oracle Security Solutions, download the ebook "Securing Oracle Database 12c: A Technical Primer" by Oracle security experts.

Tuesday Aug 26, 2014

August Edition of Oracle's Security Inside Out Newsletter

Get the Oracle Information InDepth - Security Inside Out Newsletter

Read the latest edition of Oracle Security news in this month's bi-monthly Security Inside Out Newsletter that features both database security and identity management news, webcasts, events, training and more. Subscribe here to have your own copy emailed to you. 

New Product Launch: Secure and Centralize Key Management with Oracle Key Vault

In August 2014, Oracle launched Oracle Key Vault, a central key management platform that enables efficient and secure deployment of encryption across the enterprise. Get details on the new release. 

Security at Oracle OpenWorld 2014: Don't-Miss Sessions and More

High-profile breaches, combined with increasing regulatory complexity, are driving unprecedented investment in security. Organizers of Oracle OpenWorld expect security-related activities to draw even higher attendance than last year. Find out what key sessions Oracle’s security team recommends you add to your agenda. 

Monday Jun 30, 2014

June Ed of Security Inside Out Newsletter Is Out

Get the latest edition of Oracle Security Inside Out Newsletter and subscribe to future editions. As a bi-monthly security newsletter, we cover all things security for both Oracle Database Security and Identity Management solutions, news, and events. Here are this month's database security articles:

Five Hard Lessons Learned from the Verizon Report on APT1 Attack

Advanced persistent threats (APT) are a type of ongoing cyberattack from well-coordinated and funded cybercriminals who penetrate an organization slowly and methodically. Find out from Oracle experts what key lessons your organization can take away from the analysis of an APT attack.
Read More

Know Your Enemy: Profile Attackers and Defend Targeted Assets

In the new Countering Adversaries webcast series now available on demand, security experts explain how to identify the kinds of adversaries specific industries attract, understand the types of data they are after, and focus in on the tools that provide the most effective deterrence against these specific threats.
Read More

Wednesday Jun 04, 2014

The Top Ten Security Top Ten Lists

As a marketer, we're always putting together the top 3, or 5 best, or an assortment of top ten lists. So instead of going that route, I've put together my top ten security top ten lists. These are not only for security practitioners, but also for the average Joe/Jane; because who isn't concerned about security these days? Now, there might not be ten for each one of these lists, but the title works best that way. Top Ten Security Top Ten Lists

Starting with my number ten (in no particular order):

10. Top 10 Most Influential Security-Related Movies

Amrit Williams pulls together a great collection of security-related movies. He asks for comments on which one made you want to get into the business. I would have to say that my most influential movie(s), that made me want to get into the business of "stopping the bad guys" would have to be the James Bond series. I grew up on James Bond movies: thwarting the bad guy and saving the world. I recall being both ecstatic and worried when Silicon Valley-themed "A View to A Kill" hit theaters: "An investigation of a horse-racing scam leads 007 to a mad industrialist who plans to create a worldwide microchip monopoly by destroying California's Silicon Valley." Yikes!

9. Top Ten Security Careers

From movies that got you into the career, here’s a top 10 list of security-related careers. It starts with number then, Information Security Analyst and ends with number one, Malware Analyst. They point out the significant growth in security careers and indicate that "according to the Bureau of Labor Statistics, the field is expected to experience growth rates of 22% between 2010-2020. If you are interested in getting into the field, Oracle has many great opportunities all around the world

8. Top 125 Network Security Tools

A bit outside of the range of 10, the top 125 Network Security Tools is an important list because it includes a prioritized list of key security tools practitioners are using in the hacking community, regardless of whether they are vendor supplied or open source. The exhaustive list provides ratings, reviews, searching, and sorting.

7. Top 10 Security Practices

I have to give a shout out to my alma mater, Cal Poly, SLO: Go Mustangs! They have compiled their list of top 10 practices for students and faculty to follow. Educational institutions are a common target of web based attacks and miscellaneous errors according to the 2014 Verizon Data Breach Investigations Report.   

6. (ISC)2 Top 10 Safe and Secure Online Tips for Parents

This list is arguably the most important list on my list. The tips were "gathered from (ISC)2 member volunteers who participate in the organization’s Safe and Secure Online program, a worldwide initiative that brings top cyber security experts into schools to teach children ages 11-14 how to protect themselves in a cyber-connected world…If you are a parent, educator or organization that would like the Safe and Secure Online presentation delivered at your local school, or would like more information about the program, please visit here.”

5. Top Ten Data Breaches of the Past 12 Months

This type of list is always changing, so it's nice to have a current one here from Techrader.com. They've compiled and commented on the top breaches. It is likely that most readers here were effected in some way or another.

4. Top Ten Security Comic Books

Although mostly physical security controls, I threw this one in for fun. My vote for #1 (not on the list) would be Professor X. The guy can breach confidentiality, integrity, and availability just by messing with your thoughts.

3. The IOUG Data Security Survey's Top 10+ Threats to Organizations

The Independent Oracle Users Group annual survey on enterprise data security, Leaders Vs. Laggards, highlights what Oracle Database users deem as the top 12 threats to their organization. You can find a nice graph on page 9; Figure 7: Greatest Threats to Data Security.

2. The Ten Most Common Database Security Vulnerabilities

Though I don't necessarily agree with all of the vulnerabilities in this order...I like a list that focuses on where two-thirds of your sensitive and regulated data resides (Source: IDC). 

1. OWASP Top Ten Project

The Online Web Application Security Project puts together their annual list of the 10 most critical web application security risks that organizations should be including in their overall security, business risk and compliance plans. In particular, SQL injection risks continues to rear its ugly head each year. Oracle Audit Vault and Database Firewall can help prevent SQL injection attacks and monitor database and system activity as a detective security control.

Did I miss any?

Friday Feb 28, 2014

February Edition of Security Inside Out Newsletter, Now Available

Get the latest edition of our bi-monthly (that's every other month) Security Inside Out newsletter featuring both database security and identity management news. This month's articles:

SANS Study Explores Maturity of Security Strategies Among Healthcare Organizations

A new report from the SANS Institute, a leading security education and research organization, surveys real-world organizations to discover how the healthcare industry is adapting to this new security landscape. Find out how organizations like yours are responding to the new challenges of more-stringent regulations and new mobile and cloud technologies.

New Report Puts Oracle Audit Vault and Database Firewall to the Test

A new report from leading security organization SANS Institute finds that Oracle Audit Vault and Database Firewall successfully achieves three key security objectives: audit collection, SQL traffic monitoring, and security event reporting.

Key Cloud Security Paradigms and Oracle’s Identity Management Roadmap

Find out the most common approaches to achieving security in the cloud and whether using a third-party identity management solution is a good strategy. 

Read more here

Tuesday Dec 17, 2013

Top Database Security Trends in 2014

Analysts estimate that two-thirds of organizations' sensitive and regulated data resides in their databases—and the total amount of that sensitive data is growing fast, along with the rest of the digital universe. One analyst claims it will reach 35 zettabytes by 2020. 

As a result, security professionals and database administrators need to be asking two fundamental questions.
  • Where is all of my sensitive data?
  • Who has access to that data?

As we look forward into 2014, the following trends highlight the importance of data security. Read More in the latest edition of the Security Inside Out Newsletter.

Tuesday Oct 29, 2013

Get the Latest Security Inside Out Newsletter, October Edition

The latest October edition of the Security Inside Out newsletter is now available and covers the following important security news:

Oracle Security Inside Out Newsletter

Securing Oracle Database 12c: A Technical Primer

The new multitenant architecture of Oracle Database 12c calls for adopting an updated approach to database security. In response, Oracle security experts have written a new book that is expected to become a key resource for database administrators. Find out how to get a complimentary copy. 

Read More

HIPAA Omnibus Rule Is in Effect: Are You Ready?

On September 23, 2013, the HIPAA Omnibus Rule went into full effect. To help Oracle’s healthcare customers ready their organizations for the new requirements, law firm Ballard Spahr LLP and the Oracle Security team hosted a webcast titled “Addressing the Final HIPAA Omnibus Rule and Securing Protected Health Information.” Find out three key changes affecting Oracle customers. 

Read More

The Internet of Things: A New Identity Management Paradigm

By 2020, it’s predicted there will be 50 billion devices wirelessly connected to the internet, from consumer products to highly complex industrial and manufacturing equipment and processes. Find out the key challenges of protecting identity and data for the new paradigm called the Internet of Things. 

Read More

Monday Sep 16, 2013

Limited Time Complimentary eBook, Securing Oracle Database 12c

Securing Oracle Database 12c: A Technical Primer

Pre-register For Your Copy Now

With the launch of Oracle Database 12c, securing your databases is more important than ever. For a limited time you can pre-register for a new complimentary eBook and learn about Oracle Database Security from the experts who brought you the #1 database in the world.

Are you an Oracle DBA who wants to protect your databases? The new ebook, Securing Oracle Database 12c: A Technical Primer, will be the book that database administrators will want to turn to for their database security questions.

For a limited time, Oracle Press will be offering this book free of charge, so pre-register for your copy now.


Who are we?

Follow us on

  • TwitterFacebookLinkedIn


« July 2016