Oracle Database Security Audits
A World of threats, regulations and myths
It is said that the internet offers unlimited opportunities. It is also common sense that the internet creates unlimited risks. Security risks come with accessibility. Accessibility makes your data valuable. If all your data was in filing cabinets or vaults, you could be sure that it was secure, but the time to retrieve it would make it worthless. External exploits by criminals breaking into systems get big headlines, but industry specialists estimate that 80% to 90% of the damage to information systems is done by insiders.
Companies are adopting new or enhanced computer security policies. Sometimes, these policies are driven by the threat of fraud, theft, or sabotage and the associated damage to image, reputation and profit. More and more frequently, enterprises of all sizes are being affected by a variety of laws that have been passed to enforce privacy and accuracy of data in North America and Europe. Along with these laws comes a requirement to audit the security measures that are in place. These laws are becoming a pattern for laws in other countries.
Add to the mix a number of common misconceptions, myths, and “honest mistakes” and it may end up turning into a “perfect storm”.
- Myth: Hackers cause most security breaches. In fact, 80% of data loss is to insiders.
- Myth: Encryption makes your data secure. In fact, encryption is only one approach to securing data. Security also requires access control, data integrity, system availability, and auditing.
- Myth: Firewalls make your data secure. In fact, 40% of Internet break-ins occur in spite of a firewall being in place.
- Fact: 80% plus of companies use production customer data on development, testing and training environments. Very frequently production data contains credit card numbers.
- Fact: Many companies rely only on contractual clauses to protect sensitive data they make available to outsourcers and other third parties.
Get started with a database security audit
Although most companies store some type of sensitive data (clients’ details, financial information, human resource data, Personally Identifiable Information) in databases and in spite of the fact this data is critical to keep the business running, many still fail to apply or follow basic security rules, best practices and recommendations.
Moreover, companies often do not realize how much risk is associated with the sensitive information within their database until an internal audit is conducted or a breach occurs. Huge financial losses could result if an employee with access to the sensitive data distributed the confidential information of the business or its customers. Depending on the severity of the security breach, the company’s reputation could be adversely affected, thus resulting in a decline in sales, consumer, and investor confidence.
A database security audit is the systematic, non-intrusive analysis of the database and directly associated components, from a security perspective, to detect issues that may lead to different types of security breaches and/or lack of compliance with the corporate security policy or security mandates.
For more information and to schedule your own customized Database Security Audit, please contact us.