The Oracle Australia and New Zealand Middleware and Technology Blog.

Friday, June 27, 2008

More lost or stolen data

Michael Specht posted an interesting article on his blog regarding the continual problem of organisation loosing sensitive information. I posted a reply outlinning some other challenges around data protection. This is indeed an area where Oracle has a significant value proposition to help protect an organisation.

When you look at where sensitive data resides it often sits on some type of system that has Oracle involvement. Either simple the data may reside on an Oracle database, be access via an Oracle Application or rights granted from Oracle's Identity Management Suite.

So with the complexities of modern enterprise organisations where do you start ?. A good place is the security tool that in a few minutes can give you a high level overveiw on your current data risk. Once you know yor risk it then depends on the individual organisations appetite for risk. Public sector and FSI for instance need to treat data protection and the privacy of their employee's and customers with the utmost respect. While other organisations perhaps in manufacturing dont have the same customer issues since they deal with B2B and hence looking after their own employee's tax file number and bank details could be enough.

Oracle does excel in several significant areas of data protection including Information Rights Management to help lock down sensitive information that could be leaked outside of the firewall. Idnetity Management has an excellent attestation capability to give you an accurate view on who has access to what. Once you know who has access to what Enterprise Role Manager can help you digest and manage the complex relationships between the organisational business roles and IT system levels of privilages access. With IDM and ERM you no have a clear picture of who has access to what. But then due to various access rights and privilage creep you still can benefit from preventative and detective controls to close the loop.

With Datavault protecting your Oracle systems a company can be assured that the super user's are not violating privacy policies by masking or preventing access to sensitive data on the database. Or AuditVault can be used as a method of deploying a secure audit capability that will prove who accessed what critical or confidential peice of information. Auditvault not only looks after Oracle databases that are typically at the core of an organisation but ende databases by other vendors that are typically used at the departmental level and outside of the tight contols associated with a datacenter.

If you or your customer is concerned with privacy, or intellectual propery theft or leakage. Is wondering what the impending eDiscovery legislation means to you or the Privacy Act ammendments then talk to Oracle today.
Cheers
Carl Terrantroy