Oracle Information InDepth



Stay Connected

Database Security

Oracle on Twitter Oracle on Facebook Oracle Blog

Identity Management

Oracle Identity Management on Twitter Oracle Identity Management on Facebook Oracle Blog 

January 2013

Subscribe Forward

Back to the main page

Expert Tips: Protect Against the Top Three Security Concerns in 2013

For more than two decades, Graham Palmer, director of information security for Oracle's EMEA operations and a cyber-security expert, has helped companies investigate information breaches and improve their IT security.

In the wake of numerous high-profile attacks in 2012, we asked Palmer where organizations need to redouble their security efforts in 2013—and why Oracle's security inside-out approach is uniquely positioned to meet these proliferating challenges.

  • Securing Mobile: Bring Your Own Device
    In the old days, organizations had a centralized team that handed out hardware. Now we're in the age when people want to access work systems with their own devices, whether it's a laptop, an iPad, a smart phone, etc.

    The genie is out of the bottle, and the job of protecting corporate data—from e-mail to core applications—on multiple platforms has become a widespread challenge. Many questions arise. Do you give someone the same rights when using a corporate-issued device as when they're using their personal iPhone? Do you build an encrypted chamber within the iPhone or other device in order to keep it out of the wrong hands?

  • Defending Against Advanced Persistent Threats
    Increasingly, highly organized hackers are targeting specific organizations and institutions in order to get, in particular, highly sensitive information—for purposes such as theft of industrial secrets and even state-sponsored espionage. These threats are widely known as advanced persistent threats (APTs).

    To achieve their goals, hackers are using progressively more-sophisticated techniques, such as spear-phishing and spy-phishing. Malware is packaged to be completely invisible, with no known signature for antivirus software to recognize. As a result, it can sit on a network for a long time without ever being detected. The risks are enormous—such as the case of a recently bankrupted telecom giant whose difficulties may have been exacerbated by stealth cyber attacks.

  • Protecting Applications and Data
    Many organizations are still concentrating too many security resources on perimeters. But the rise of mobility, coupled with the increasing sophistication of APTs, means perimeter firewalls alone do not guarantee information security.

    According to the 2012 Verizon Data Breach Investigations Report, 94 percent of all data compromised involved servers. So the real risks are against applications, data, and the infrastructure. The report also states that 97 percent of all breaches were avoidable through simple or intermediate controls. So the question becomes one of how to protect critical assets at the many different layers where data resides.

Oracle's Security Inside-Out Approach
In response to these challenges, Oracle offers a comprehensive, inside-out approach to security—not simply relying on perimeter security, but protecting data where it lives, throughout multiple layers of systems. Oracle’s leading-edge security solutions span database security, identity management, governance, risk and compliance, enterprise management, cloud security, servers and storage, and infrastructure. Oracle is focused on delivering security products and secure solutions.

For example, Oracle Advanced Security provides transparent data encryption, so even if hackers can access data, they won't be able to read it. To prevent insider threats, Oracle Database Vault provides privileged user access controls. And Oracle Audit Vault and Database Firewall is a first line of defense for databases that consolidates audit data from databases, operating systems, directories, and more.

Centralized identity management is also essential, which is why Oracle has built identity management directly into its middleware platform. With Oracle's platform approach to identity management, you don't need a point solution to support every new mobile device or SOA solution. Oracle's approach inserts critical controls into existing digital resources, providing an extensible and secure foundation that transcends individual devices or silo-based solutions.

Learn more about Oracle's security inside out approach today.

Back to Top

Please send questions or comments to

This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor is it subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

  Hardware and Software, Engineered to Work Together Contact Us | Legal Notices and Terms of Use | Privacy Statement
Oracle Corporation


Oracle Corporation - Worldwide Headquarters, 500 Oracle Parkway, OPL - E-mail Services, Redwood Shores, CA 94065, United States

Your privacy is important to us. You can login to your account to update your e-mail subscriptions or you can opt-out of all Oracle Marketing e-mails at any time.

Please note that opting-out of Marketing communications does not affect your receipt of important business communications related to your current relationship with Oracle such as Security Updates, Event Registration notices, Account Management and Support/Service communications.