Comprehensive Database Security Defense-in-Depth
By Troy Kitch on Jun 05, 2013
Recent successful cyber attacks against some of the most security savvy organizations have put into question IT Security strategies across all industries. The reliance on network security and user credentials have left many institutions vulnerable to attacks by insiders, outsiders exploiting stolen credentials, and SQL injection attacks. Additionally, the pervasive use of production data in non-production environments means that attackers can focus their efforts on a development or test server. Analysts estimate that less than 20% of IT Security plans address database security.
When Oracle talks about having a comprehensive database strategy, it includes defense-in-depth security controls that protect multiple layers in and around the database environment.
- Preventive controls are those that are intended to avoid an incident from occurring
- Detective controls help identify an incident's activities and potentially an intruder
- Administrative controls are the tools that help with the process and procedures associated with database security