Data Protection versus Cloud Computing – Public Clouds

Since a fairly long time, two little words are on their way: Cloud Computing.  Cloud Computing is a concept from IT-Management and has the aim – described easily – that the IT-domains will not be operated via the user anymore but rather via one or more service providers. The data and applications will not be found on the local computer or data processing service center but rather will be stored in the so-called Cloud.

The concept of Cloud Computing has the aim to present the liberty, to provide services from any place in the world. However, the liberty of these Clouds will be initially limited in Europe. Reason for that is the restrictive Data Protection regulation. Read more »

Consider security using One Big Application User model

Oracle recommends that, where possible, you build applications in which application users are database users. In this way, you can leverage the security mechanisms of the database.

Unfortunately from my experience for a lot of commercial packaged software, application users are not database users. For these applications, multiple users authenticate themselves to the application, and the application then connects to the database as a single, highly-privileged schema user containing all the database objects. This is known as so-called One Big Application User model. Why, in spite of Oracle recommendation, the software vendors use in development that database authentication model? Read more »

Protect your data and database against social engineering

According to security experts, it is much easier for attackers to gain access to confidential company data or IT system by manipulating employees, rather than using cracking techniques. This act is known as social engineering.

In computer security, social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures. Consequently, not only DBAs or IT personnel but all the company employees should be aware of common methods used by the so-called “social engineers” in order to protect their data and databases from such attacks. Read more »

The power of Oracle CREATE SESSION privilege

So many times I hear from database developers that their application has no rights on an Oracle database server. This always surprises me since it is not possible to have an Oracle user connected to the database without any rights at all. Even with a single create session privilege the user obtains the whole bunch of default rights which can not be easily revoked by a poor DBA. Read more »

Data protection rules for a DBA

Below I’d like to touch on the European Union’s data protection rules in order to encourage database administrators (DBAs) to be careful with sensitive company and individual’s information that you work with.

The data protection rules established by the European Union help give people control of their personal data. They set high standards for businesses that collect and use this data – especially sensitive data like health information, sexual preference, religious, political or ideological views or prior criminal offences. Read more »

Next Page »

DBMS Blog Updates : Subscribe RSS RSS: Subscribe to Articles · Subscribe to Comments Subscribe RSS Receive site updates via email