Tuesday Jun 25, 2013

Latest Edition of Security Inside Out Newsletter Now Available

The latest edition of Security Inside Out newsletter is now available. If you don't get this bi-monthly security newsletter in your inbox, then subscribe to get the latest database security news. This bi-monthly edition includes:

Q&A: Oracle CSO Mary Ann Davidson on Meeting Tomorrow's Security Threats

Oracle Chief Security Officer Mary Ann Davidson shares her thoughts on next-generation security threats.  Read More

New Study: Increased Security Spending Still Not Protecting Right Assets

Despite widespread belief that database breaches represent the greatest security risk to their business, organizations continue to devote a far greater share of their security resources to network assets rather than database assets, according to a new report issued by CSO and sponsored by Oracle. Read More


Thursday Jun 13, 2013

Why Rabobank Chose Oracle Database Vault

Rabobank was faced with two major challenges: addressing international compliance requirements and protecting sensitive data from privileged database users. In this podcast, Niels Zegveld, manager of database administration, tackled these challenges using Oracle Database Vault, without impacting system performance or applications.

Niels manages the database team that supports the investment banking business. The team runs Oracle Database 11g and Oracle Enterprise Manager to manage the maintenance of their databases. They have a mix of applications including Oracle FLEXCUBE and custom-built solutions.

Addressing Regulatory Requirements and Demonstrating Separation of Duties

Being an international bank, Rabobank must comply with mulitple regulations and regulatory bodies, including the Dutch National Bank and the FSA. As part of these regulations, Rabobank had to demonstrate that employees, or applications, that have access to sensitive data are the only ones that are authorized to have access.

The requirements of separtion of duties and securing sensitive financial data were originally handed over to the security department. Their first instinct was to look at solutions that were outside of the database, however, none of the solutions were able to cover the requirements. This lead the security team to begin discussions with the database team to find out what suggestions they could offer. Niels' team was able to come up with a solution that would support all  requirements and be easy to manage.

Oracle Database Vault

Working with Oracle security experts and Oracle Database Vault, Rabobank is addressing best practices of separtion of duties and least privilege while protecting sensitive data from privileged users. Niels is happy to say they have passed their audits and found that performance tests show neglible impact to their systems and users. 

Listen to the entire podcast to learn more.  

About Rabobank

According to Hoovers, Rabobank Group was founded as a cooperative of Dutch agricultural banks in 1898, the company has some 140 member banks that have about 875 branches in the Netherlands and dozens of subsidiaries around the world that focus on the food, agribusiness, and financial industries. The cooperative's wholesale and international retail banking arm, Rabobank International, has offices in some 30 countries. 

Wednesday Jun 05, 2013

Comprehensive Database Security Defense-in-Depth

Recent successful cyber attacks against some of the most security savvy organizations have put into question IT Security strategies across all industries. The reliance on network security and user credentials have left many institutions vulnerable to attacks by insiders, outsiders exploiting stolen credentials, and SQL injection attacks. Additionally, the pervasive use of production data in non-production environments means that attackers can focus their efforts on a development or test server. Analysts estimate that less than 20% of IT Security plans address database security. 

Oracle Database Security

When Oracle talks about having a comprehensive database strategy, it includes defense-in-depth security controls that protect multiple layers in and around the database environment.

  • Preventive controls are those that are intended to avoid an incident from occurring
  • Detective controls help identify an incident's activities and potentially an intruder
  • Administrative controls are the tools that help with the process and procedures associated with database security
To learn more about each of the Oracle Database Security controls, please visit oracle.com/database/security

About

Who are we?

Follow us on

  • TwitterFacebookLinkedIn

Search

Archives
« June 2013 »
SunMonTueWedThuFriSat
      
1
2
3
4
6
7
8
9
10
11
12
14
15
16
17
18
19
20
21
22
23
24
26
27
28
29
30
      
Today