Johannesburg, 03 May 2013
I spend my working days at iFactory Consulting designing, developing, testing and deploying Oracle ADF/WebCenter solutions, for clients that have security needs and concerns.
One small part of any Oracle solution is data security, says Bjorn Bergmann, developer at iFactory Consulting.
It's the one thing every corporate client is scared to look at, and hopes they have - most business users assume they have data security. But a lot of people don't even know what data or system security is.
My simple definition is: data, system or solution security is one group of people (corporate/client/developer) trying to stop another group from gaining unlawful access to something valuable.
Security in the IT realm is much more than simply securing your data or the database, it's about securing the information those elements hold.
The first area of security is where the data is stored. Most companies store their data in a database - Oracle, SQL, even in Excel. There is a significant effort spent by vendors to build the security into the database. Oracle database has enormous, free, security capability to stop "hackers" gaining entry.
The second area of vulnerability is when data is sent from one area to another, (think e-mail, interface and memory stick). Think about what you e-mail to your partners or what your boss requests.
There is also the interface that one must watch out for, what information is being sent across on the Internet, and are you getting that information securely, not to mention whether your computer is secure.
A third case where data can be compromised is when databases are backed up - but that we can discuss at another time.
Transportation of data is often the area most overlooked, as "it just has to be done" is most often the case. Yet, in my experience, I see some huge gaps arriving here:
* Unsecured files "ftp'd" to a common staging location;
* Payment files loaded onto a memory stick and walked to the "bank machine"; and
* Corporate documents e-mailed to sales managers, partners, etc, and the list goes on.
The security solution to this can be simple, and doesn't have to cost an arm and a leg. For example:
* A well thought through password on the Excel file;
* Using simple data encryption tools for the transportation of data; or
* Even using a "host-to-host" data transfer solution.
Start with little steps and always ask yourself: "How much will it cost to fix?"
Share