“THE EVOLUTION OF IOT HAS FURTHER EXPANDED...”

Sundar Ram, VP, Technology Sales Consulting, Oracle, talks about how data security has become critical in a cloud computing environment

DQ Channels - Channel Pulse - ANUSHRI MONDAL (anushrim@cybermedia.co.in)


Rising security threats, expanding compliance requirements, consolidation, and cloud computing are just a few of the reasons why data security has become critical. Stolen client devices, including tablets and smartphones, have the potential to easily expose sensitive information as users move beyond the laptop. Outsourcing, offshoring, corporate mergers, and nearly continuous organizational change create additional risks by making it easier for malicious insiders to obtain sensitive data and for outside hackers to gain access to servers using social engineering attacks. In an interaction with DQChannels, Sundar Ram, vice president, Technology Sales Consulting, Oracle Corporation, Asia Pacific, explains why centralized and efficient protection of sensitive data, regardless of the applications being used, is more important than ever.

How can enterprises prevent fraudulent people working within the organization from getting access to privileged data?

Various studies and surveys have concluded that a sizeable percentage of data breaches have been perpetrated using insider credentials, typically one with elevated access to systems and its data. If a user’s password is guessed, a device is compromised, or a session is hijacked, then fraudulent activity may occur. Likewise, if a privileged user has, or gains, ‘back door access’ to IT systems, then traditional data security access controls may be bypassed.

Examination of numerous security incidents has shown that timely examination of audit data could have helped detect unauthorized activity early and reduced the resulting financial impact. Hence we recommend deployment of solutions that ensure effective auditing inside the database. For example, Oracle Database 12c introduces policy-based conditional auditing. An audit policy can be defined to audit all actions outside a specific IP address and username.

Fraud conditions may also be related to a set of ordinary activities that are suspicious when viewed together in a given sequence. In the financial sector this may apply to a pattern of financial transactions that could resemble money laundering. In such cases the system may suspend accounts and send alerts when such potential violations are detected.

Detective controls may also be applied as another measure of security. They provide the ability to perform audits and analysis based on ad-hoc criteria. They can be used to perform “what-if” analysis, look for specific trends, investigate the actions of suspicious users, etc. The administrative audit and analysis capabilities provide a backstop for fraud detection that either has not yet been defined or has not yet been codified into a purely run-time preventative security control.

Is there any price factor as to why companies are delaying this much-needed security measure?

It’s not that enterprises are not investing in security. In fact, according to an Oracle-sponsored CSO Market Pulse survey, the corporate answer to rising threat levels is to spend more on security. But bigger budgets alone have not increased CSOs’ confidence in delivering a highly secure enterprise. While 59% of respondents say their IT security budgets have increased, only 23% say their organization has a superior strategy in place across all key aspects of data security.

Much of this investment is also reactive. Organizations are not considering long-term strategies to protect information assets, especially the most crucial one – database. Most companies invest in perimeter and network defense because they believe database and application data are inherently safe as they lie deep within the firewall of the company. This is a dangerous assumption. Enterprises today have to re-engineer their thoughts to understand the right approach to secure information assets. In the new world, sensitive corporate data is stored and accessed from beyond the company’s direct control.

For this reason, instead of focusing on more complex network security policy, IT organizations should focus on how users access applications and data. When criminals breach a network, they target weak user access controls as a means to acquiring valuable information assets. While an ideal mix of security spending will vary from organisation to organisation and their threat exposure, what we would recommend is that IT managers should align security budgets with their organization’s most valuable assets – the information stored in databases, applications and servers. CSOs and CISOs need to rebalance security resources to protect corporate information from the inside out.

What is Oracle’s contribution in the application and data security space?

From hardware infrastructure to database, middleware, application, and cloud environments, only we offer end-to-end, unfragmented monitoring, controls, change management, and reporting. We offer the industry’s most advanced technology to safeguard data where it lives—in the database. Our comprehensive portfolio of database security solutions including Oracle Audit Vault and Database Firewall, Database Vault and Data Masking and Subsetting solutions ensure data privacy, protect against insider threats, and enable regulatory compliance.

In addition, our complete, best-of-breed identity management solution set enables enterprises to secure critical applications and sensitive data, lower operational costs, and comply with regulatory requirements. It secures sensitive applications and data regardless of whether they are hosted on-premises or in a cloud. Built on a uniquely integrated modern architecture, Oracle Access Management software gives customers the flexibility to deploy a comprehensive solution delivering authentication, single sign-on, authorization, federation, mobile and social sign-on, identity propagation, and risk-based authentication and authorization at the network perimeter. Oracle Identity Governance empowers user self-service, simplifies account administration, and streamlines audit tasks, resulting in a lower overall total cost of ownership for managing identities.

We also provide the industry’s most complete, end-to-end offering aimed at reducing the risks associated with smart mobile devices. With a complete set of security-focused capabilities—including access and authentication, single sign-on, application containerization, corporate application store, and more—Oracle Mobile Security enables organizations to rapidly adopt and deploy new mobile technologies and applications, and segregate and manage corporate data and applications without interfering with mobile users’ personal data and applications.

