Oracle Magazine - September/October 2008

from the EDITOR
Know Who, Know What, Know How
Secure your identities and information with Oracle security solutions.

e don’t know who had access, and we don’t know exactly what was stolen.” It’s still embarrassing, but that’s what my then roommate and I told a San

Francisco police officer many years ago when we reported the burglary of our apartment.

At the time I was living in my first apartment in San Francisco. The roommate was my third in as many years, and my past and present roommates and I had hosted numerous houseguests (because a free place to stay in San Francisco was a popular thing). And for every new roommate and every new houseguest, I seemed to be making new keys.

The police officer investigating the burglary asked who had keys to the apartment, because there were no signs of forced entry. My roommate and I responded by rattling off several definite names and guesses of additional people who might have keys. The officer stopped at that point and said, “That’s too many keys.” She then asked what had been taken.

The burglar had taken an unknown amount of cash, some inexpensive jewelry, and several small and difficult-to-describe things—nothing electronic and nothing with a serial number. When we relayed this information to the police officer, she let us know that she was done with the report and that there was nothing more the police could do. She added that the burglar probably had a key and the stolen items weren’t traceable.

DÉJÀ VU

Over the last few years, I’ve read and seen reports of businesses that suffered information system security breaches but could not identify who breached the system and what information was compromised. Fortunately, new governance and compliance regulations mean the “we don’t know who” and “we don’t know what” responses to information security questions need to become quite rare.

nextSTEPS

READ more about

Oracle Identity Management oracle.com/products/middleware/identity-management/identity-management.html Oracle Database security solutions oracle.com/database/security.html

Oracle Open World 2008 oracle.com/openworld/2008

LISTEN to Building Service-Oriented Security oracle.com/magcasts

In information technology, knowing and managing the identities of your system users requires identity management. Oracle Identity Management products manage the end-to-end lifecycle of user identities across all enterprise resources both within and beyond the firewall, and these products are designed to deploy applications fast, apply granular protection to enterprise resources, and automatically eliminate latent access privileges. “Managing Identity Diversity” (page 46) describes how businesses are using Oracle Identity Management products to go beyond managing identities and meeting compliance regulations to improving business efficiencies—and contributing to the company’s bottom line. The “Building Service-Oriented Security” sidebar in that article (page 49) discusses security for service-oriented architecture (SOA) and how companies can get there.

Knowing what data is being accessed and providing extra protections for sensitive data requires database security. Oracle Database security products ensure data privacy, protect against insider threats, and enable regulatory compliance—and these products are designed to protect data at rest in the database, in transit, and in backups. In “*Restrictions Apply” (page 43), businesses describe how they are using Oracle Database security products to control data access by privileged users, meet compliance requirements, and, again, contribute to the company’s bottom line.

CHANGING THE ENTERPRISE LOCKS

For me, changing the front-door lock to my apartment was an easy solution to help prevent future burglaries and meaningless “we don’t know” reports to the police. In information security, however, there isn’t one lock, one type of user, or one security level for all data, so a security solution has multiple components. Together, Oracle Identity Management and Oracle Database security products can manage identities in the SOA world, secure enterprise information, meet compliance requirements, and help keep “we don’t know” reports on information security out of the news.