Security is at the forefront of every CIO’s mind. Security is no longer a technology issue, it’s a business issue. The growing number of high-profile incidents in which customer records, confidential information, and intellectual property are leaked, lost or stolen has created an explosive demand for solutions that protect against the deliberate or inadvertent release of sensitive information. This is literally forcing organizations to dedicate more and more of their IT budget to this critical area.
The Internet has had a revolutionary impact on business. It has created great opportunity and has unlocked business opportunity and potential. On the other hand, it has invited higher risk into the business. The Internet has opened the business to the IT security threats.
Security breaches have impacted every industry not just the financial and healthcare areas where confidentiality is so important….it impacts all companies of all sizes in any industry. The complexity and severity of these threats has continued to increase over the years.
Governance and privacy regulations has transformed IT security into a business issue. Every governance and privacy regulation outlines strict security controls which must be implemented within the business. Is a no-vote on the part of business executives…it’s an absolute requirement
The need for Data Security solutions is being driven by two business challenges; regulatory compliance and insider threats.
The demand for solutions that protect sensitive information was originally fueled by industries such as financial services and Healthcare that needed to comply with various government and industry regulations. SOX, HIPPA and PCI are just a few…and there are others. The need for these solutions has definitely moved outside of these highly regulated areas however in the last few years. Privacy failure, or even the mere perceived failure to protect customer data, can result in loss of consumer trust, affect customer retention, and cause significant damage to brand and company reputation.
The second factor driving security is the desire to reduce the risk associated with insider threats. Some studies have concluded that upward of 80% of all threats originate from inside the organization and not from the cyber person on the outside trying to break in. The issue takes on even greater significance when you consider the trend toward database consolidation and the outsourcing / off shoring of more IT functions.
Organizations today realize the internal threat can be just as great or greater than the external threat. While enterprises have focused on keeping the criminals out…they have spent minimal investments on information repositories such as Databases. Those people on the inside have tremendous and unregulated access in many cases.
One of the really good things that has come out of the regulatory compliance push is that it has given organizations time and budget to go back and look at the internal processes.
But even though enterprises realize the magnitude of the issues there are huge challenges that customers face due to the fact that today nearly all corporate information exists in electronic form, typically stored in databases so it stands to reason that enterprises must secure their databases as part of any information protection strategy. Database security is a preemptive approach designed to keep it from happening. As part of this preemptive strategy, enterprises are consolidating their electronic assets into database systems for better protection and control of access to those assets
Fundamentally database security must address five areas: Access to data, protection of that data, classification of data on a “need to know” basis, knowing what you can/cannot share and monitoring of database activities.
Where we create value to the issues is that Oracle provides a comprehensive and integrated information security architecture and best-in-class solutions that address all of these customer challenges. These solutions are designed to attack the both insider threats and regulatory requirements.
There are 6 primary components to Oracle’s database security platform: Database Vault, Advanced Security Option, Label Security, Data Masking, Audit Vault and Configuration management. Let’s touch briefly on each of these areas and what capabilities they provide at the highest level.
Database Vault protects application data inside the database by restricting when, where, how, and by whom data is accessed.
Oracle Advanced Security helps customers address regulatory compliance requirements by protecting sensitive data on the network, on backup media or within the database, from unauthorized disclosure…..all of this without any changes to the existing application.
Oracle Label Security – Allows administrators to classify every row in a table, ensuring access to sensitive data is restricted to only those users with the appropriate clearance level
Oracle Data Masking Pack helps organizations comply with privacy and confidentiality laws during the entire QA process. The solution replaces sensitive data in the database with realistic-looking, scrubbed data based on masking rules so that the QA staff can use real data and authentic application and database scenarios in their testing processes.
Oracle Audit Vault is a high security audit data warehouse that can easily scale to terabytes of audit data for reliable enterprise alerting and reporting. This is where tremendous cost savings in the audit process can take place as well as magnify the preemptive strategy that we discussed earlier.
Oracle Enterprise Manager Configuration Management Pack continuously monitors all the databases in your enterprise for security and compliance configuration issues providing scores, dashboards, and reports.
© 2010, www.oracledatabase12g.com. 版权所有.文章允许转载,但必须以链接方式注明源地址,否则追究法律责任.
相关文章 | Related posts:
- Oracle BI Enterprise Edition 11g Installation,Upgrade,Security
- Oracle Database 11g: Security Student Guide
- Know about Oracle Network Security
- Minimum Software Versions and Patches Required to Support Oracle Products on IBM Power Systems
- Oracle Database 11g: Change Management Overview eStudy
- Protecting Applications Using Oracle 11g Database Vault
- Oracle Database 11g: New Features Overview eStudy Student Guide
- Database Initialization Parameters for Oracle Applications Release 12
- Oracle Secure Enterprise Search DB11g Web Seminar
- Oracle In-Memory Database Cache Oracle TimesTen In-Memory Database
最新评论