By Troy Kitch-Oracle on Feb 03, 2015
As you look at data, you will quickly realize that not all data is equal. What do I mean by that? Quite simply, some data simply does not require the same security controls as other data.
When explaining this to customers, we use a metals analogy to simplify the provisioning of controls. Bronze to represent the least sensitive data, up through to Platinum, the highest value and most sensitive data within an organization.
Thinking in this manner provides the ability to refine many configurations into a few pre-configured, pre-approved, reference architectures. Applying this methodology is especially important when it comes to the cloud. It comes down to consistency in applying security controls, based on the data itself.
Oracle’s preventive, detective, and administrative pillars can be applied to the various data categorizations. At this point in the conversation, customers begin to understand more pragmatically how this framework can be used to align security controls with the value, or sensitivity, of the data.
Security practitioners can then work with lines of business to assign the appropriate level of controls, both systematically and consistently across the organization.
So for example, at the bronze level, items such as application of patches, secure configuration scanning and the most basic auditing would be appropriate. Data deemed more sensitive, such as personally identifiable information, or personal health information, require additional security controls around the application data. This would include, for example, blocking default access by those designated as database administrators.
Then finally, at the highest data sensitivity level--Platinum level--should exhibit blocking database changes during production time frames, preventing SQL injection attacks and centralized enterprise-wide reporting and alerting for compliance and audit requirements.
To learn more about Oracle Security Solutions, download the ebook "Securing Oracle Database 12c: A Technical Primer" by Oracle security experts.