Oracle Database Security for Security Administrators




Thank you everyone who joined us yesterday for our “Oracle Database<br/> Security for Security Administrators” webcast with Rich Mogull hosted Network<br/> World


Thank you
everyone who joined us yesterday for our “ href="http://www.networkworld.com/OracleLive1">Oracle Database Security for
Security Administrators” webcast with Rich Mogull hosted Network World. If
you missed it, you can catch the href="http://www.networkworld.com/OracleLive1">replay the on-demand version
and join us for the next one in the series, “Information Security for Database
Administrators” on February 5, 2009 – I will post registration info as soon as
it’s available.

During the
webcast we ran some polls and I know everyone is curious about the results so
here they are.

 

style='border:outset #666666 1.0pt'>









style='font-size:8.5pt;font-family:Arial;color:black'>Oracle Database
Security for Security Administrators Webcast Poll Results


























Votes Received: 68



POLL #1--What group in your organization is primarily responsible
for database security?



Security  29.4% (20)



Database  48.5% (33)



Risk/Compliance  0% (0)



Applications/Development   style='font-size:8.5pt;font-family:Arial;color:#BB0000'>13.2% style='font-size:8.5pt;font-family:Arial;color:black'>  style='font-size:8.5pt;font-family:Arial;color:#00BB55'>(9)



Other  8.8% (6)































Votes Received: 54



POLL #2--What percentage of your databases with sensitive data
are encrypted?



<5%  44.4% (24)



5-10%  11.1% (6)



10-25%  11.1% (6)



25-50%  11.1% (6)



50-75%  7.4% (4)



100%  14.8% (8)



















Votes Received: 49



POLL #3--Are all your database backups and exports encrypted?



Yes  34.7% (17)



No  65.3% (32)





 


Note the
first question was actually asked as “What group(s) in your organization is responsible
for database security? (Check all that apply)” but unfortunately the console
only allowed selecting one option so we had folks vote on which group was
primarily responsible. Not surprisingly about 50% selected Database and about
30% selected the Security Group. We saw very similar results in the href="http://www.oracle.com/go/?&Src=6642149&Act=212&pcode=NAMK08041102MPP043">2008
IOUG Data Security Report which was in large part what motivated me to talk
to Rich about doing this href="http://securosis.com/2008/12/16/database-security-webcast-tomorrow/">series
on database security for security administrators information security for
database administrators. That said, I’m really curious about that 8.8% Other.
If you were one of the folks that voted for Other, please post on the blog and
let us know what group in your organization is responsible for database
security??

It was also
encouraging to see close to 50% are doing some database encryption. Again this
number is consistent with other surveys I’ve seen recently and has been slowly
creeping up over the years. But the fact that less than 15% are encrypting all
the databases containing sensitive information says we still have a long way to
go. And the fact that over 65% are still not encrypting all backups and exports
says we can expect those data breach rates to keep climbing in 2009. Sigh.
Looks like a bunch of you felt too guilty to even respond to that question so
I’m guessing there were actually even more of you out there not encrypting your
backups and exports. As one of the hundreds of millions of people who’s
personally identifiable information was exposed due to a lost backup tape, I
personally implore you to start encrypting your backups and exports today!

You can
download our free href="http://www.oracle.com/go/?&Src=6642149&Act=248&pcode=NAMK08041102MPP014">Oracle
Advanced Security Resource Kit to help you get started. href="http://www.oracle.com/database/advanced-security.html">Oracle Advanced
Security is a complete database encryption solution you can use to encrypt
data at rest within the database, data in transit between your applications and
the database, as well as all your exports and backups. The
encryption/decryption happens transparently within the database kernel so there
are no changes to your applications required. As one of our customers put it in
an href="http://www.oracle.com/technology/oramag/oracle/08-sep/o58secure.html">Oracle
Magazine on article database security a few months ago, “Oracle product has
truly lived up to its name—it is truly transparent data encryption.”

If you want
to learn more about href="http://www.oracle.com/database/advanced-security.html">Oracle Advanced
Security (and Oracle
Data Masking
for protecting data in non-production environments), you can
also register for our href="http://www.oracle.com/go/?&Src=6642149&Act=278&pcode=NAMK08041102MPP088">free
live seminar on January 8.


Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
About

Who are we?

Follow us on

  • TwitterFacebookLinkedIn

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
2
3
4
5
6
7
8
9
10
12
13
15
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today