Wednesday Mar 27, 2013

Securing Enterprise Data in Private Clouds

Since two thirds of sensitive data in most organizations resides in databases, consolidation onto private clouds represent an opportunity to improve information security and compliance. Consolidation enables organizations to replace insecure data silos, and reduce the cost and scope of data security initiatives. Oracle helps organizations control and monitor access, secure sensitive data, and address regulatory compliance in private database clouds using Oracle Database Security solutions

Let’s examine this more closely, according to NIST, clouds are shared pools of standardized computing resources. Traditional database silos can be consolidated into a database cloud, which eliminates data silo complexity. With clouds we gain the standard efficiency of cloud computing and consistent protection of data. We now know where the data is and we can manage it all within a database cloud. The ideal cloud building block is with Oracle Exadata Database Machine: a pre-integrated, highly-optimized database cloud platform. Organizations are building clouds with Oracle Exadata very efficiently and with much less infrastructure. 

But now we have to secure our database clouds: all our sensitive data is there. By securing our database cloud we have efficient and consistent protection for all our data. Ultimately, a database cloud will enable better security at lower cost and complexity for the organization because we’re centralizing security in one place, we’re standardizing, we get rid of all of the point solutions for more efficient management.

Finally, if we examine traditional security concerns as a cloud inhibitor, it’s clearly not enough to halt cloud deployments. According to industry data, 67% of large enterprises are using cloud computing infrastructure as a service platform model to support their production environments. These are crucial production environments that are moving to the cloud. So, organizations are moving to the cloud, you are likely doing it as well, but are you secure? 

Thursday Mar 21, 2013

Security Inside Out Newsletter Available - Subscribe Now!

The latest edition of Security Inside Out newsletter is now available. If you don't get this bi-monthly security newsletter in your inbox, then please subscribe. The latest news includes:

Q&A: Ontario Commissioner and Leading Privacy Expert Dr. Ann Cavoukian

Dr. Ann Cavoukian is both Ontario's information and privacy commissioner and one of the leading privacy experts in the world. In January, Dr. Cavoukian and Oracle released a new white paper covering the convergence of privacy and security. 

Read More

Oracle Named a Leader in Gartner Magic Quadrant for Data Masking Technology

Gartner, Inc. has named Oracle as a leader in its “Magic Quadrant for Data Masking Technology,” published in December 2012.

Read More

Virgin Media Relies on Oracle Identity Management to Secure Wi-Fi Service in the London Underground

Leading up to the 2012 Olympics, Virgin Media was entrusted with a massive undertaking—to quickly and securely provide London's Underground stations with Wi-Fi service. The company turned to two Oracle Identity Management solutions—Oracle Virtual Directory and Oracle Entitlements Server—to successfully deliver.

Read More

Friday Mar 15, 2013

Finding Oracle Database Security Information

One of the many issues security professionals face is tracking down information for their particular security challenges. Oracle has a multitude of resources across our comprehensive database security defense-in-depth solutions. Quite frankly, it can be difficult to find the particular information you're looking for. So, here's an attempt to consolidate some of those key resources: 

Product Information 

 Customer Case Studies

Events and Training

Analyst, News, and Social

Collateral


Wednesday Nov 21, 2012

Closing the Gap: 2012 IOUG Enterprise Data Security Survey

The new survey from the Independent Oracle Users Group (IOUG) titled "Closing the Security Gap: 2012 IOUG Enterprise Data Security Survey," uncovers some interesting trends in IT security among IOUG members and offers recommendations for securing data stored in enterprise databases.
Closing the Gap: 2012 IOUG Enterprise Data Security Survey Report
"Despite growing threats and enterprise data security risks, organizations that implement appropriate detective, preventive, and administrative safeguards are seeing significant results," finds the report's author, Joseph McKendrick, analyst, Unisphere Research.

Produced by Unisphere Research and underwritten by Oracle, the report is based on responses from 350 IOUG members representing a variety of job roles, organization sizes, and industry verticals.

Key findings include

  • Corporate budgets increase, but trailing. Though corporate data security budgets are increasing this year, they still have room to grow to reach the previous year’s spending. Additionally, more than half of respondents say their organizations still do not have, or are unaware of, data security plans to help address contingencies as they arise.
  • Danger of unauthorized access. Less than a third of respondents encrypt data that is either stored or in motion, and at the same time, more than three-fifths say they send actual copies of enterprise production data to other sites inside and outside the enterprise.
  • Privileged user misuse. Only about a third of respondents say they are able to prevent privileged users from abusing data, and most do not have, or are not aware of, ways to prevent access to sensitive data using spreadsheets or other ad hoc tools.
  • Lack of consistent auditing. A majority of respondents actively collect native database audits, but there has not been an appreciable increase in the implementation of automated tools for comprehensive auditing and reporting across databases in the enterprise.

IOUG Recommendations
The report's author finds that securing data requires not just the ability to monitor and detect suspicious activity, but also to prevent the activity in the first place. To achieve this comprehensive approach, the report recommends the following.

  • Apply an enterprise-wide security strategy. Database security requires multiple layers of defense that include a combination of preventive, detective, and administrative data security controls.
  • Get business buy-in and support. Data security only works if it is backed through executive support. The business needs to help determine what protection levels should be attached to data stored in enterprise databases.
  • Provide training and education. Often, business users are not familiar with the risks associated with data security. Beyond IT solutions, what is needed is a well-engaged and knowledgeable organization to help make security a reality.

Monday Feb 14, 2011

Oracle Introduces a New Line of Defense for Databases

[Read More]

Friday Dec 10, 2010

Steps to Mitigate Database Security Worst Practices

[Read More]
About

Who are we?

Follow us on

  • TwitterFacebookLinkedIn

Search

Archives
« April 2016
SunMonTueWedThuFriSat
     
1
2
3
4
6
7
8
9
10
11
12
13
14
15
16
17
18
20
21
22
23
24
25
26
27
28
29
30
       
Today