
Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.


Oracle's new Oracle database security and compliance solution



I saw a few posts on news channels at the turn of the current month talking about Oracle's new "Oracle database security and compliance solution". A quick search of Google shows that this seems to have been a heavily promoted launch for India. The problem for me is twofold.

Firstly, the name of the "solution" entices interest for me as it's Oracle security related, so I wanted to have a look. The press releases talk about the fact that RBI guidelines demand secure use and storage of financial data such as credit card and personal banking details; the solution aims to help banks reach compliance guidelines quickly. There are lots of nice words about enforcing security at the database level; there is talk about the solution building controls at the data level, and the fact that 80% of India's banks use Oracle is quite compelling for a solution such as this. BUT for me there is a lack of detail about what exactly it is, except, that is, for a list of Oracle products: Database Vault, Audit Vault, Label Security, enterprise management packs such as patch management, data masking and much more.

Second, most, if not all, are cost options on top of Enterprise Edition licenses, but even if you move the cost out of the equation, implementing these packages is an immense undertaking in its own right (more cost). Where is the actual solution? - I cannot find more details on the net or on Oracle's site. If you need to implement these packages for RBI compliance, then what's the "glue" that holds them together, that makes implementing simple? A standard solution should not be possible, as every site has different combinations of database versions, platforms, applications used and, importantly, implementation details.

The fact that this is launched for the Indian market only and for RBI compliance certainly hints that it's definitely not just a list of additional cost options and that there is more detailed substance to "how" you would use these products to comply in India.

I am all for new Oracle security solutions. I would just like to see what the value add is with this, how it works, and also to confirm that it's not just a list of value add products, which I am sure it isn't.