Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Oracle Express - will we get security patches? - I truly hope so"] [Next entry: "Oracle has released a new security vulnerability fixing policy and process"]

Mary Ann speaks about security strategy

I was passed a link to a blog entry by Jason on the Juxtaposition blog. The entry is titled "More from Oracle's CSO". The writer suggests that Mary Ann in an article titled - (broken link) Davidson: Lessons of warfare for IT security - To best apply limited resources to maximize defense success, carefully select your turf is looking too deeply into security techniques and should be taking a higher level position. To be honest after reading Mary Ann's article I am quite impressed. Read it again now. I liked the sentence:

"The network perimeter has disappeared as ubiquitous computing and extranet access have surged. The model of hardened perimeters and wide-open interiors is no longer adequate."

This is what I have been saying for a long time. The old model of securing the network or even hardening the servers and leaving the database wide open is not an option in today’s world. The data is what runs businesses and provides profit and jobs, it has to be protected. Access to the database needs to be controlled and the database itself has to be hardened. Patches for all of the bugs are also needed but we are talking about multi-layer security. It is quite heartening to hear Mary Ann agree with my sentiments.