It might be interesting to know that the estimated value of lost business every year due to cybercrime is around a trillion dollars. Even though IT departments have been trying to ensure their systems are safe and secure and even though spending on IT security budget has doubled in the past couple of years we still see a lot of data breaches over and over again.
In the past year some notable data breaches have occurred and made the news. It is estimated that the know breaches are only a fraction of the real number of breaches in security and leakage of confidential data. Some of the most notable breaches that have hit mainstream news are:
- US PERSONELL MANAGEMENT OFFICE, 22,200,000 people affected due to loss of confidential information.
- HARVARD UNIVERSITY, 8 colleges affected due to compromised databases holding personal data.
- LASTPASS, 7,000,000 passwords compromised
- ASHLEY MADISION, 37,000,000 people affected due to the loss of personal data
- ANTHEM HEALTH INSURANCE, 80,000,000 people affected due to the loss of patient records
- INTERNAL REVENUE SERVICE, 300,000 people affected due to the loss of tax records
- PREMERA BLUE CROSS, 11,000,000 people affected due to the loss of patient records
- UCLA HEALTH SYSTEM, 4,500,000 people affected due to loss of unencrypted passwords
Even though IT spending for security has doubled it looks like data breaches and successful attacks at companies are a day to day experience. One of the main reasons that data breaches are quite common and result in confidential data being stolen is; companies try to focus primarily on the outer perimeter and tend to forget about the core.
Endpoint security, email security, network security and vulnerability management are commonly on acceptable levels. However, if we drill down into the core of an IT landscape commonly security becomes less implemented. In general people feel more save the closer they go into the core of the landscape. Issue is, the core of the landscape is commonly the goal of attackers and the location where the real data is stored.
It is good to realize that 96% of the breached records are coming from database and 66% of all confidential data is stored in databases. This means that a database is prime target for attackers and the ultimate goal to reach in most cases. Even though the above figures are commonly known and the fact that attackers tend to aim for the core of a IT landscape is commonly understood a larger part of the companies who operate Oracle databases have not yet implemented security measures specifically for the database.
Oracle provides a wide range of products to support companies in securing the data itself. Next to the known Oracle Maximum Availability Architecture blueprints Oracle also provides the Oracle Maximum security Architecture blueprints. A number of the products and solutions used within the Oracle Maximum security Architecture blueprints are:
- Oracle Advanced Security
- Oracle Database Vault
- Oracle Data Masking
- Oracle Label Security
- Oracle Database Firewall
- Oracle Audit Vault
- Oracle Key Vault
- Oracle Enterprise manager
Identifying the current state of security, finding the gaps or issues and after that providing a clear architecture roadmap to ensure a higher level of security can be complex task. Understanding how to best use and implement all components that are relevant to a certain situation can be overwhelming and companies tend to seek support to achieve this task. Capgemini provides a large set of services specifically for Oracle Database security. An introduction on this subject is provided in the below slidedeck.
For more information about this topic, feel free to contact Johan Louwers directly via email@example.com