Database Insider Edition
Oracle Corp
January 2012
IDC Report: Database Security Is Keystone of Effective Data Leak Prevention

In a new white paper sponsored by Oracle, leading analyst and market research firm IDC finds that many organizations lack strategic solutions to protect their most valuable data assets—their databases—despite having data leak prevention (DLP) programs in place.

To help organizations respond, the report, “Effective Data Leak Prevention Programs: Start Protecting Data at the Source—Your Databases,” from August 2011, presents
  • A comprehensive look at today's enterprise data threats
  • A breakdown of key government regulations and their impact on data protection
  • Recommendations for a proactive, best-practices approach to data protection
Protecting Data at the Source
"Data security will go nowhere without robust, proactive database security," writes Charles Kolodgy, the report's author. The paper goes on to state that many organizations rely too heavily on network-based protection to encrypt or monitor traffic, without securing data at the database level.

"This approach is the equivalent of chasing the proverbial horse that has left the barn," Kolodgy writes. "If the information isn't secure within the database, all of the DLP protections will have a hard time preventing a data breach."

Best Practices for Securing Databases
After establishing the seriousness of today's data threats and spelling out the regulatory pressures organizations face, the report lays out four key best practices that must work in concert to keep databases secure. They include
  • Preventing database bypass. System users can easily bypass database controls and access unencrypted data stored in database files or on backups by using readily available software. Data traveling over the network is also vulnerable to a breach. By encrypting data, organizations can make sure that data is protected even when database controls are bypassed or not present.
  • Preventing application bypass. To enable secure data consolidation, off-shoring, and cloud computing, application controls at the database level are vital. That means blocking access to application data by privileged database users as well as via ad hoc query tools.
  • Monitoring and blocking. A new class of database firewall products has emerged to protect against the growing number of SQL injection attacks, privilege escalations, and unauthorized access to data. To be effective, they must be highly accurate and scalable to keep up with traffic in enterprise-scale databases.
  • Auditing, real-time reporting, and alerts. Logging and auditing are not enough. Organizations need to proactively monitor their audit trails via real-time reporting and alerts. In addition, comprehensive audit information is required for regulatory compliance, forensics, and legal discovery.
Implementing Best Practices with Oracle Database Security
The report concludes by mapping IDC's best practice recommendations to specific Oracle database security products, including:

Kolodgy concludes, "Any enterprise looking to improve its competitiveness, regulatory compliance, and overall data security should consider Oracle's offerings, not only because of their database management capabilities but also because they provide controls that are at the core of information leak prevention."

Read the IDC report now.

Watch a related Webcast: Turning Data Loss Problems into Data Loss Prevention: Best Practices for Successful Programs.