Tuesday Jun 28, 2016

Register now for Oracle University Security Training Subscription

Protecting corporate information and technology assets from intruders, thieves, and vandals is a significant challenge for most enterprises. Historically, investments in security technology were made by individual technology managers and business units in response to the specific threats they faced. 

CIOs are now implementing technologies that can support the centralized management and enforcement of security policies. Now more than ever, training employees to use these security technologies has become paramount. In response, Oracle University has released updated security training so that customers can get educated on the latest Oracle security content, including:

  • Content developed by industry and product engineers and delivered by expert instructors
  • More than 10 courses totaling over 30 days worth of instructor-led training
  • Over a hundred continuous learning and just-in-time training videos
Curriculum focuses on content from the following key areas:
  • Security and Risk Management
  • Asset Security
  • Security Engineering
  • Cyber Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security
  • and so much more....
Also Available: 
  • Quizzes to assess your understanding of key topics
  • Learning paths to guide your career choices 
  • 24/7 availability of offerings
  • Demonstrations

Subscribe to Oracle Security Learning and get prepared to help your organization reduce its overall risk.

Wednesday Aug 29, 2012

Why Cornell University Chose Oracle Data Masking

One of the eight Ivy League schools, Cornell University found itself in the unfortunate position of having to inform over 45,000 University community members that their personal information had been breached when a laptop was stolen. To ensure this wouldn’t happen again, Cornell took steps to ensure that data used for non-production purposes is de-identified with Oracle Data Masking.

A recent podcast highlights why organizations like Cornell are choosing Oracle Data Masking to irreversibly de-identify production data for use in non-production environments. Organizations often copy production data, that contains sensitive information, into non-production environments so they can test applications and systems using “real world” information. Data in non-production has increasingly become a target of cyber criminals and can be lost or stolen due to weak security controls and unmonitored access. Similar to production environments, data breaches in non-production environments can cost millions of dollars to remediate and cause irreparable harm to reputation and brand.

Cornell’s applications and databases help carry out the administrative and academic mission of the university. They are running Oracle PeopleSoft Campus Solutions that include highly sensitive faculty, student, alumni, and prospective student data. This data is supported and accessed by a diverse set of developers and functional staff distributed across the university.

Several years ago, Cornell experienced a data breach when an employee’s laptop was stolen.  Centrally stored backup information indicated there was sensitive data on the laptop. With no way of knowing what the criminal intended, the university had to spend significant resources reviewing data, setting up service centers to handle constituent concerns, and provide free credit checks and identity theft protection services—all of which cost money and took time away from other projects.

To avoid this issue in the future Cornell came up with several options; one of which was to sanitize the testing and training environments.

“The project management team was brought in and they developed a project plan and implementation schedule; part of which was to evaluate competing products in the market-space and figure out which one would work best for us.  In the end we chose Oracle’s solution based on its architecture and its functionality.” – Tony Damiani, Database Administration and Business Intelligence, Cornell University

The key goals of the project were to mask the elements that were identifiable as sensitive in a consistent and efficient manner, but still support all the previous activities in the non-production environments. Tony concludes, 

“What we saw was a very minimal impact on performance. The masking process added an additional three hours to our refresh window, but it was well worth that time to secure the environment and remove the sensitive data. I think some other key points you can keep in mind here is that there was zero impact on the production environment. Oracle Data Masking works in non-production environments only. Additionally, the risk of exposure has been significantly reduced and the impact to business was minimal.”

With Oracle Data Masking organizations like Cornell can:

  • Make application data securely available in non-production environments
  • Prevent application developers and testers from seeing production data
  • Use an extensible template library and policies for data masking automation
  • Gain the benefits of referential integrity so that applications continue to work

Listen to the podcast to hear the complete interview. 

Learn more about Oracle Data Masking by registering to watch this SANS Institute Webcast and view this short demo.


Who are we?

Follow us on

  • TwitterFacebookLinkedIn


« July 2016