Auditing an Oracle database for security issues is very important. PeteFinnigan.com provides all of the information and tools that you will need Click here for details of PeteFinnigan.com Limited's detailed Oracle database security audit service Click here for details of PeteFinnigan.com Limited's Oracle Security Training Courses
There are 56 visitors online    
Cookie Policy:We only use essential cookies on small sections of this website. For details see here.

Pete Finnigan's Oracle security weblog


Home » Archives » October 2009 » Oracle's new Oracle database security and compliance solution

[Previous entry: "Nice Summary of setting up audit options"] [Next entry: "Spoofing users and programs and presenting at OWASP"]

Oracle's new Oracle database security and compliance solution

October 12th, 2009 by Pete


I saw a few posts on news channels at the turn of the current month talking about Oracles new "Oracle database security and compliance solution". A quick search of google shows that this seems to have been a heavilly promoted launch for India. The problem for me is two fold.

Firstly, the name of the "solution" entices interest for me as its Oracle Security related so I wanted to have a look. The press releases talk about the fact that RBI guidelines demand secure use and storage of financial data such as credit card and personal banking details; The solution aims to help banks reach compliance guidelines quickly. There are lots of nice words about enforcing security at the database level; there is talk about the solution building controls at the data level and the fact that 80% of India's banks use Oracle is quite compelling for a solution such as this BUT for me there is a lack of detail about what exactly it is; except that is for a list of Oracle products, database vault, audit vault, label security, enterprise management packs such as patch management, data masking and much more.

Second, most, if not all are cost options on top of enterprise edition licenses but even if you move the cost out of the equation implementing these packages is an immense undertaking in its own right (more cost). Where is the actual solution? - I cannot find more details on the net or on Oracles' site. If you need to implement these packages for RBI compliance then whats the "glue" that hold them together; that makes implementing simple? a standard solution should not be possible as every site has different combinations of database versions, platforms, applications used and importanly implementation details.

The fact that this is launched for the Indian market only and for RBI compliance certainly hints that its definetely not just a list of additional cost options and that there is more details substance to "how" you would use these products to comply in India.

I am all for new Oracle security solutions, I would just like to see what the value add is with this, how it works and also to confirm that its not just a list of value add products; which I am sure it isn't.

October 2009
SMTWTFS
    123
45678910
11121314151617
18192021222324
25262728293031

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

Weblog Home
Weblog Archives


Home
Oracle Security Tools page
Oracle security papers
Oracle Security alerts

Web Development
SQL Server Security

RSS 1.0 FEED
RSS 2.0 FEED
Atom 0.3 FEED
Powered by gm-rss 2.0.0


Valid XHTML 1.0!