Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Looking for GRANT ALL on objects"] [Next entry: "Free Tool to Check The Privileges of an Oracle User or Role"]

20 Years of Securing Data in Oracle Databases

This Sunday, the 12th of February 2023, is the 20th anniversary of the formation of my company Limited. Wow, 20 years has gone so fast and its appropriate to take stock and see where we have been and how we are doing and where we are going. 20 years ago my wife took a photo of me in front of a stack of computers (Sun Ultra 10s, Sun Ultra 5s, HP and some Intel Linux boxes) and this became the home page of my company website. This photo is on our site but I will repeat it here again here:
PeteFinnigan in 2003

This photo as you can see became immortal as we caricatured it into our company logo. Also if you look just above my head you can see my oldest son as a baby who had just been born a few months before I started Limited. Now he is also over 20 years old and he now works for the company doing website and marketing. Here is photo of me in our offices taken a few days ago for comparison - look younger of course!!:
PeteFinnigan in 2023

The computers 20 years ago are not needed anymore; we do not need stacks of servers for each test Oracle database as we use virtual machines now. We do still have a massive server though that hosts all of our virtual machines and test databases.

When I started the company I wanted to help people secure data in their Oracle databases. We still do this today of course and have the same goal; to make it easier for people to secure data in an Oracle database. The data security landscape has changed but not as much as we would hope. When I started 20 years ago no one was really focusing on data security; not to the level we do now. It was harder to find customers 20 years ago but now its easier as more companies are aware of the risks of their data being stolen and are much more accepting of the need to secure data. So times have changed at the high level.

20 years ago, before Oracle CPUs and serious efforts to secure Oracle, the normal approach was simple hardening from lists such as SANS or the very early CIS benchmark, as there were limited security patches they didn't figure a lot then. We even 20 years ago went further and we developed an approach and continue to improve it to this day that includes patching, hardening and actual data security which at a high level can be broken into user access controls, user security, data security, context based security and audit trails.

I started 20 years ago and we have developed many security classes that I still teach live in person or online helping people learn how to secure data in an Oracle database; we also developed and sell licenses for 5 software products aimed also at helping people secure data in an Oracle database and finally we developed a number of services such as detailed security audits, policy development, code reviews, audit trail designs and help deploying and designing and implementations of Oracle cost options such as Database Vault or masking or TDE or SSL or Keyvault...

The business has changed over the years but the core message is the same; we have a much richer set of training, products and services that we offer to customers. We are also on social media on Linked in

Has Oracle security changed in 20 years?, yes, in the sense that we know a lot more and have more facilities at our disposal to help secure data BUT I still see insecure databases and a lack of data security; the tide is changing but maybe not fast enough.

Please follow us on social media for more info and updates on securing data. We are on LinkedIn , Facebook and Twitter - please like and follow us for more articles and details.