Is Your Database More Than 7% Secure?
I recently came across an eWeek article entitled “The Job of Securing the Database”. It reinforces what we at RADirect have learned about database security: it’s alarmingly lacking. The article cites a Forrester Research stat that estimates database administrators (DBAs) spend only 7 percent of their time addressing database security.
Evil-minded villains anxiously awaiting the day their organization’s sensitive information is blasted across the universe?
Not exactly.
It’s just that they are often bogged down with other things, or simply don’t know enough about security to deploy the necessary tools.
But the article also has good news: Seems the urgency of it all isn’t lost on those to whom it’s most critical (for example, the financial sector). Many organizations are taking steps towards improved database security by reorganizing the key team members responsible for it – i.e. moving DBAs out of their regular departments and inserting them within an IT security team. This win-win strategy brings more database knowledge into the IT Group while exposing the DBAs to the security-centric environment they need to gain more expertise.
Still Not Enough Time to Adequately Address Database Security?
If you're a DBA, you might also consider a tool like Sentrigo’s Hedgehog Oracle database security software.
I especially like this solution because it provides protection against both outsider and insider breaches and also helps facilitate regulatory compliance with reporting and forensics.
Perhaps even more importantly, it also offers virtual patching – predefined rules added in real-time to the Hedgehog system that address newly discovered vulnerabilities. This keeps your database protected from such threats during that critical interval between when they first become known and when Oracle releases the patch code (this can often take months!) and the organization actually applies it (several more months!). With Sentrigo's solution, there is no need to take the system down for the virtual patch installation.
Facing your own database security challenges? What's the bigger issue for you - lack of time or lack of knowledge? Please drop me a line and share your pains and gains.