Secure in the KnowledgeBy David A. Kelly
Improve security and efficiency with Oracle Database security solutions.
These days, a good database security strategy isn’t just about security. It’s also about performance, availability, scalability, transparency, and speed of deployment. Just ask CMC Markets, a London, England-based financial services company.
“We need industrial-strength, enterprise-quality security solutions,” says Akash Gharu, head of business data services at CMC Markets. “We’re 24/7 in global markets, so we need high availability and data protection to the highest degree. But at the same time, we’re very concerned about the ease of implementation and access to support.”
CMC Markets is a retail financial trading company that offers real-time pricing, real-time trading, and real-time news updates. It provides a complete institutional trading environment for investors to manage their own list of investment opportunities, for both long-term investors as well as day traders. Although it’s relatively young (only 20 years old), CMC Markets has become one of the leading internet-based investment services organizations in the U.K., Germany, and Australia.
CMC Markets is currently poised to launch a complete revamp of its current trading technology, which company leaders expect will revolutionize the retail trading experience. A significant portion of this new technology is underpinned by state-of-the-art Oracle products.
“We have a responsibility to protect our customers’ data from external and internal threats,” says Gharu. “And the first step is to protect the databases where this data is stored.” When it came to securing its database, one of the most critical requirements for CMC Markets was being able to meet regulatory requirements easily in a timely and cost-effective manner without having to go back and re-engineer its applications. Fortunately, CMC Markets was able to meet these challenges by using Oracle Database Vault and Oracle Audit Vault.
“Deploying Oracle Database Vault and Oracle Audit Vault allows us to achieve most of our audit requirements without making changes to our applications,” says Gharu. “It allows us to harden our database environment so that the applications continue to work, but direct access to the application data requires that privileged users meet a defined set of criteria.”
CMC Markets isn’t alone in needing new solutions for its data security challenges. Around the world, new regulations for protecting consumer privacy and personally identifiable information are forcing companies to re-evaluate their internal and external database security requirements.
That’s where solutions like Oracle Advanced Security, Oracle Database Vault, and Oracle Audit Vault come in. They allow organizations to easily safeguard their data without significantly affecting performance or IT infrastructure.
“Organizations have the technology to safeguard their databases without trading off performance or manageability,” says Vipin Samar, vice president of database security development at Oracle. “Today’s solutions make it very easy.”
Securing the Financial MarketFor a financial services company such as CMC Markets, compliance, database security, and audit responsibility are especially critical. Systems include lots of private data, including customer details, transaction history, and business data.
“Oracle Database Vault allows us to provide security to areas and applications that had limited or no security before,” says CMC Markets’ Gharu. “Coding a new solution would have taken a lot longer and would have taken time and resources that the business just didn’t have. Using Oracle Database Vault allows us to focus on the real product changes that we have to make and not tie up our time trying to retrofit security.”
And not having to retrofit security means faster security implementations. “By using Oracle Database Vault, we implemented all the hardened security for Oracle E-Business Suite within a week,” says Gharu. “It really shortened the time it would have taken us to deploy high-strength security for our projects.”
CMC Markets is using Oracle security solutions, including Oracle Audit Vault, on hundreds of applications.
“Oracle Audit Vault allows us to start taking a more streamlined approach to auditing by giving the right internal groups access to data so they can keep an eye on violations or restrictions, as well as control access,” says Gharu. “The attractive thing about Oracle Audit Vault is that it works with Oracle and non-Oracle databases. You can use Oracle Audit Vault to get a complete enterprise view of the activity across all your databases.”
Certified SecurityLike CMC Markets, the Educational Testing Service (ETS) in Princeton, New Jersey, also needed advanced database security options to meet new regulatory and customer requirements.
ETS is a global leader in creating, managing, and evaluating a wide range of assessment tests including the GRE test and the College Board’s SAT test. Last year, the company administered and evaluated more than 50 million tests in 180 countries.
The company has always recognized the importance of protecting its customer data, and a few years ago it implemented a program to demonstrate, through externally established standards, that it safeguards the personal data it collects.
“We must ensure that our customer information is safe and secure, as well as protect our globally recognized brand equity,” says Brad Peiffer, IT director at ETS.
The organization was able to use the Transparent Data Encryption feature of Oracle Advanced Security to protect a wide range of databases and systems.
“Even though we evaluated other options, we chose Oracle Advanced Security because it’s important to us to make sure we get the right level of protection for our Oracle systems,” says Peiffer. “By using the Transparent Data Encryption capabilities, even the personal data on our backups that are shipped to off-site locations is protected because it’s encrypted.”
Meeting external regulatory deadlines was another important consideration in ETS’s selection of Oracle Advanced Security.
“We had time frames we had to meet in providing certain levels of data protection to be certified and not incur any penalties,” says Peiffer. “By using Oracle’s Transparent Data Encryption, we were able to meet and beat those time frames. It’s been a solid solution.”
“We’re very pleased with Oracle Advanced Security Transparent Data Encryption. Not only does it protect all the information we have in our databases; it also protects our backups, and it’s easy because all the tools and applications we were using before all continue to work,” says Peiffer. “Oracle Advanced Security saves us time, resources, and money.”
The Future Looks SecureLike most technologies today, security solutions can’t stand alone. They have to work seamlessly with a wide range of internal and external IT systems, databases, and applications. They also need to meet performance, availability, and reliability requirements that didn’t exist 10 years ago and be capable of responding effectively to dynamically changing regulatory and business requirements.
The most-effective security solutions enable an organization to streamline processes, securely manage customer information and critical corporate data, and optimize business opportunities by removing potential risks or liabilities. “With all the potential threats today, organizations can deploy multiple technologies to adequately protect their data,” says Oracle’s Samar. “Different organizations will perceive risks differently, and Oracle has the solutions to cover those different risks.”
David A. Kelly (email@example.com) is a business, technology, and travel writer who lives in West Newton, Massachusetts.