IOUG ResearchWire
October 2, 2008 | Vol. 3 No. 3

Welcome to IOUG ResearchWire, an information resource prepared by Database Trends and Applications magazine and the 5 Minute Briefing: Oracle newsletter and published in cooperation with the Independent Oracle Users Group (IOUG), the leading association of Oracle database managers, developers, and administrators. IOUG ResearchWire provides key proprietary research of interest to the Oracle technology and database community.

Your applications contain sensitive data that requires protection. Oracle Database Vault, the industry's most advanced real-time database security product, transparently prevents unauthorized access to application data as well as intentional or accidental harmful database changes by any users, even privileged users. Oracle Database Vault acts like a firewall inside your database, providing multi-factor authorization for data access based on time of day, system address, authentication mechanism, and many other built-in or custom-defined factors. Oracle Database Vault does not require changes to existing applications and comes with Oracle certified policies for Oracle PeopleSoft Enterprise, Oracle E-Business Suite, and Siebel CRM applications. Learn more: <http://www.oracle.com/webapps/dialogue/dlgpage.jsp?p_ext=Y&p_dlg_id=664 1086&src=6642149&Act=55>

Enterprise Data Insecurity: Are Organizations Prepared for the Threat From Within?

Download the Survey <http://www.ioug.org/tech/articles/ResearchWire-DataSecurity.pdf>

The scope of some of the largest data breaches across the landscape is legendary, and well reported--from 94 million records exposed through a hacking incident at TJX Companies Inc. in January 2007 to more than six million at Ameritrade in September of the same year. There's no question that these incidents are costly to enterprises. Along with direct financial losses, there's an incalculable cost to the organization in terms of bad publicity, a loss of trust among customers, and exposure to potential lawsuits.

However, it's the unseen and unreported incidents that may really be costing enterprises the most. A disgruntled database administrator, for example, may be able to access, undetected, payroll data from across the enterprise. The administrator doesn't have to be a direct employee--he or she may work for a partner company that regularly processes sensitive data such as customer credit card or Social Security numbers.
There's no assurance that the partner company engages in safe practices, such as encrypting or de-identifying sensitive data.

How effective is database security overall? How do data managers and professionals perceive the issues around database security? Do they feel enough is being done to protect against internal data breaches or incidents? According to the results of a new survey among members of the Independent Oracle Users Group (IOUG), not enough is being done to address these risks and vulnerabilities in data security issues.

In July and August of 2008, Unisphere Research conducted a study for the IOUG to address these questions, and more. The survey was conducted in cooperation with Oracle Corp. The survey was announced via an email notification to the IOUG membership list, which directed participants to a Web-based survey instrument. A total of 316 responses were collected by the survey deadline.

The survey found that while organizations continue to be concerned about IT security in general, and most support the concept of data security, few have addressed the key vulnerabilities stemming from exposure of data to internal sources. Most recognize that internal sources are the greatest risk and vulnerability, but only a minority has addressed security to monitor "super users"--such as administrators with heightened access privileges--either onsite or offsite.

Part of the reason is the complexity of multiple database sites. Many respondents represent sites with large volumes of databases. Forty percent of those surveyed manage greater than 100 databases, and 20 percent manage in excess of 500 databases.

Of the 316 respondents to the survey, 57 percent indicated they are database administrators, nine percent identified themselves as IT managers, seven percent as developers, and the remaining 27 percent said they hold a variety of titles, including that of consultant, architect, and project manager. Respondents came from a fairly even split among company sizes.
About a third, 31 percent, came from large organizations with more than 10,000 employees, and more than a third, 35 percent, represented employers with 1,000 to 10,000 employees. In addition, 30 percent are with smaller to medium-size firms with 1,000 or fewer people. By industry, 15 percent came from the IT services and consulting sector, and 11 percent represented government organizations. Ten percent were with educational organizations and another 10 percent were with financial services organizations. (For more information on the demographics of this survey, see Figures 28 through 31 at the end of this report.)

This survey explored a number of areas of data vulnerability, including the ability to monitor the activities of super users, the shipping of data offsite, the encryption of the data, and the use of sensitive data in "non-production" settings, such as testing or staging. Finally, the survey examined the monitoring and auditing practices around data.

The survey found that respondents are concerned about the potential of "super users"--administrators, partners, or other employees with access privileges--to either maliciously or unintentionally compromise enterprise data. However, significant segments of respondents acknowledged that their companies do not have many of the appropriate measures in place that address what happens with data once it's taken from production systems and sent offsite for either administration or storage.

To download the survey, click here: <http://www.ioug.org/tech/articles/ResearchWire-DataSecurity.pdf>

Survey Sponsor: Oracle

FREE: Oracle Database Security Resource Kit <http://www.oracle.com/webapps/dialogue/dlgpage.jsp?p_ext=Y&p_dlg_id=668 3358&src=6642149&Act=51>

Learn how Oracle can help your organization address data privacy, insider threats, and regulatory compliance.
Request <http://www.oracle.com/webapps/dialogue/dlgpage.jsp?p_ext=Y&p_dlg_id=668 3358&src=6642149&Act=51> your free Oracle Database Security Resource Kit containing technical white papers, step-by-step tutorials, as well as analyst reports, expert webcasts, and a self-assessment tool to get you started today.

This message has been sent on behalf of the Independent Oracle Users Group (IOUG), under the terms of the IOUG Privacy Policy, by Unisphere Media, an IOUG partner organization.
