By Gary Gordhamer |
Security is a major topic in today’s world. As I’m writing this, I have just completed another quarterly security audit on critical systems. This doesn’t sound like the traditional job of a DBA, but managing storage, backups, monitoring, patching, performance tuning and, yes, security are all DBA tasks.
Security is a vast subject, and it grows with every day. Where this previously meant the DBA created database schema users and possibly helped rest passwords, it now extends into all aspects of OS level security, network security, application security, physical access security and data security. The term we hear is “defense in depth.” We can no longer protect the borders of our network and have “soft” centers. We have to have security in every aspect of our systems, processes, and people.
In this issue of SELECT Journal, we cover a number of these angles. Author Frank Pound provides insight on how to make your auditing life easier, utilizing Oracle Enterprise Manager Cloud Control in conjunction with standardized IT controls. Automating your auditing not only helps make it painless but ensures it is enforced frequently and consistently.
Authors Der’ly M. Gutierrez III and Jim Czuprynski provide a spirited discussion entitled “The Wolf Is Always At the (Hospital) Door: Reducing Information Security Risks for Health Care Organizations” about the state of current breaches in IT systems. They outline both controls and new technology that can be used to help identify and prevent data breaches.
Many Oracle customers are enjoying the benefits of Oracle Engineered Systems, but as Dan Norris points out in his article “DBA 201: Exadata Security,” there is always more security that could be added. For example, columnist Ian Abramson compels us to remember security in big data. As with many things in life, defense is a team game; one person alone cannot save a team from defeat.
In addition to these security topics, we also have the first part of a two-part series by Jim Czuprynski on Oracle 12c Real Application Testing (RAT), as well as a column from Eric Mader on WebLogic in the Microsoft Azure Cloud. Jonathan Gennick implores everyone to make time to discover and explore new technologies and ideas in this quarter’s IOUG Press Corner.
More than ever, everyone in IT has responsibility for some part in security. Our individual roles in a system are frequently changing as we move from internal systems to cloud systems; from transactional systems to big data; take on managing multiple layers of a technology stack; or add a new technical feature or upgrade.
Reducing loss of data or preventing cyber incidents can only be done by IT professionals. Consider this the next time you receive that nagging email or request for a security audit or to provide documented procedures or controls. We are all part of the defense team, and only by working as a team can we win.
We can no longer protect the borders of our network and have “soft” centers. We have to have security in every aspect of our systems, processes, and people.