organizations to easily safeguard their data without significantly
affecting performance or IT infrastructure.
“Organizations have the technology to safeguard their databases
without trading off performance or manageability,” says Vipin
Samar, vice president of database security development at Oracle.
“Today’s solutions make it very easy.”
SECURING THE FINANCIAL MARKET
For a financial services company such as CMC Markets, compliance,
database security, and audit responsibility are especially critical.
Systems include lots of private data, including customer details,
transaction history, and business data.
“Oracle Database Vault allows us to provide security to areas
and applications that had limited or no security before,” says CMC
Markets’ Gharu. “Coding a new solution would have taken a lot
longer and would have taken time and resources that the business
just didn’t have. Using Oracle Database Vault allows us to focus on
the real product changes that we have to make and not tie up our
time trying to retrofit security.”
And not having to retrofit security means faster security
implementations. “By using Oracle Database Vault, we
implemented all the hardened security for Oracle E-Business Suite
within a week,” says Gharu. “It really shortened the time it would
have taken us to deploy high-strength security for our projects.”
CMC Markets is using Oracle security solutions, including Oracle
Audit Vault, on hundreds of applications.
“Oracle Audit Vault allows us to start taking a more streamlined
approach to auditing by giving the right internal groups access to
data so they can keep an eye on violations or restrictions, as well as
control access,” says Gharu. “The attractive thing about Oracle Audit
Vault is that it works with Oracle and non-Oracle databases. You
can use Oracle Audit Vault to get a complete enterprise view of the
activity across all your databases.”
CERTIFIED SECURI T Y
Like CMC Markets, the Educational Testing Service (ETS) in
Princeton, New Jersey, also needed advanced database security
options to meet new regulatory and customer requirements.
ETS is a global leader in creating, managing, and evaluating
a wide range of assessment tests including the GRE test and the
College Board’s SAT test. Last year, the company administered and
evaluated more than 50 million tests in 180 countries.
The company has always recognized the importance of protecting
its customer data, and a few years ago it implemented a program
to demonstrate, through externally established standards, that it
safeguards the personal data it collects.
“We must ensure that our customer information is safe and
secure, as well as protect our globally recognized brand equity,” says
Brad Peiffer, I T director at ETS.
The organization was able to use the Transparent Data Encryption
feature of Oracle Advanced Security to protect a wide range of
databases and systems.
Defense
in
Depth
Good database security takes a
multifaceted (but straightforward) strategy.
“A defense-in-depth
approach to security allows
organizations to completely
protect important data, while
balancing performance and
manageability,” says Vipin
Samar, vice president of database security development
at Oracle.
Defense-in-depth means
that an organization must
create multiple barriers to
defend its data against many
different potential attacks. A
complete defense-in-depth
strategy includes three main
components: encryption,
access control (especially
privileged user access control),
and auditing and monitoring.
Database security must be part
of a comprehensive IT security
strategy that also takes into
account other security best
practices such as identity management, role-based access
control, and enterprisewide
entitlements management.
• Encryption. Encryption
ensures that even if unau-
thorized users gain physical
access to your data, they
won’t be able to read the
data because it is encrypted.
Almost all states in the U.S.
and many other countries
have passed laws requiring
organizations to protect per-
sonally identifiable informa-
tion data as well as important
financial information such
as credit card numbers. By
encrypting data, organiza-
tions ensure that someone
who may get access to the
database file, database
traffic, or database backups
cannot actually read the data.
Oracle Advanced Security
provides a complete encryp-
tion solution that addresses
all these needs without
changes to applications.
