Tuesday May 26, 2015
Tuesday Dec 17, 2013
By Troy Kitch-Oracle on Dec 17, 2013
- Where is all of my sensitive data?
- Who has access to that data?
As we look forward into 2014, the following trends highlight the importance of data security. Read More in the latest edition of the Security Inside Out Newsletter.
Tuesday Oct 29, 2013
By Troy Kitch-Oracle on Oct 29, 2013
The latest October edition of the Security Inside Out newsletter is now available and covers the following important security news:
Securing Oracle Database 12c: A Technical Primer
The new multitenant architecture of Oracle Database 12c calls for adopting an updated approach to database security. In response, Oracle security experts have written a new book that is expected to become a key resource for database administrators. Find out how to get a complimentary copy.
HIPAA Omnibus Rule Is in Effect: Are You Ready?
On September 23, 2013, the HIPAA Omnibus Rule went into full effect. To help Oracle’s healthcare customers ready their organizations for the new requirements, law firm Ballard Spahr LLP and the Oracle Security team hosted a webcast titled “Addressing the Final HIPAA Omnibus Rule and Securing Protected Health Information.” Find out three key changes affecting Oracle customers.
The Internet of Things: A New Identity Management Paradigm
By 2020, it’s predicted there will be 50 billion devices wirelessly connected to the internet, from consumer products to highly complex industrial and manufacturing equipment and processes. Find out the key challenges of protecting identity and data for the new paradigm called the Internet of Things.
Thursday Mar 21, 2013
By Troy Kitch-Oracle on Mar 21, 2013
Q&A: Ontario Commissioner and Leading Privacy Expert Dr. Ann Cavoukian
Dr. Ann Cavoukian is both Ontario's information and privacy commissioner and one of the leading privacy experts in the world. In January, Dr. Cavoukian and Oracle released a new white paper covering the convergence of privacy and security.
Oracle Named a Leader in Gartner Magic Quadrant for Data Masking Technology
Gartner, Inc. has named Oracle as a leader in its “Magic Quadrant for Data Masking Technology,” published in December 2012.
Virgin Media Relies on Oracle Identity Management to Secure Wi-Fi Service in the London Underground
Leading up to the 2012 Olympics, Virgin Media was entrusted with a massive undertaking—to quickly and securely provide London's Underground stations with Wi-Fi service. The company turned to two Oracle Identity Management solutions—Oracle Virtual Directory and Oracle Entitlements Server—to successfully deliver.
Wednesday Nov 21, 2012
By Troy Kitch-Oracle on Nov 21, 2012
The new survey from the Independent Oracle Users Group (IOUG) titled "Closing the Security Gap: 2012 IOUG Enterprise Data Security Survey," uncovers some interesting trends in IT security among IOUG members and offers recommendations for securing data stored in enterprise databases.
"Despite growing threats and enterprise data security risks, organizations that implement appropriate detective, preventive, and administrative safeguards are seeing significant results," finds the report's author, Joseph McKendrick, analyst, Unisphere Research.
Produced by Unisphere Research and underwritten by Oracle, the report is based on responses from 350 IOUG members representing a variety of job roles, organization sizes, and industry verticals.
Key findings include
- Corporate budgets increase, but trailing. Though corporate data security budgets are increasing this year, they still have room to grow to reach the previous year’s spending. Additionally, more than half of respondents say their organizations still do not have, or are unaware of, data security plans to help address contingencies as they arise.
- Danger of unauthorized access. Less than a third of respondents encrypt data that is either stored or in motion, and at the same time, more than three-fifths say they send actual copies of enterprise production data to other sites inside and outside the enterprise.
- Privileged user misuse. Only about a third of respondents say they are able to prevent privileged users from abusing data, and most do not have, or are not aware of, ways to prevent access to sensitive data using spreadsheets or other ad hoc tools.
- Lack of consistent auditing. A majority of respondents actively collect native database audits, but there has not been an appreciable increase in the implementation of automated tools for comprehensive auditing and reporting across databases in the enterprise.
The report's author finds that securing data requires not just the ability to monitor and detect suspicious activity, but also to prevent the activity in the first place. To achieve this comprehensive approach, the report recommends the following.
- Apply an enterprise-wide security strategy. Database security requires multiple layers of defense that include a combination of preventive, detective, and administrative data security controls.
- Get business buy-in and support. Data security only works if it is backed through executive support. The business needs to help determine what protection levels should be attached to data stored in enterprise databases.
- Provide training and education. Often, business users are not familiar with the risks associated with data security. Beyond IT solutions, what is needed is a well-engaged and knowledgeable organization to help make security a reality.
Friday Sep 21, 2012
Tuesday Jun 21, 2011
Who are we?
Follow us on
- Security Inside Out Newsletter, July Edition is Out
- Database Administrators –the Undercover Security Superheroes
- Inoculate the Cloud: Moving to the Cloud FOR Security
- MIT Technology Review: Diversity of Big Data Sources Creates Big Security Challenges
- Oracle Database 12c Real Application Security Administration Application - Now Available on OTN
- Security Inside Out Newsletter, May Edition
- Securing the Big Data Life Cycle: A New MIT Technology Review and Oracle Paper
- Using Earthquakes to Predict Cybercrime
- 86% of Data Breaches Miss Detection, How Do You Beat The Odds?
- Three Big Data Threat Vectors