Oracle "vaults" towards the secure database

Submitted by Mike Rothman on Wed, 2006-04-26 13:48.
Today Oracle announced a number of security products including "Database Vault" (link here) to protect and limit access to sensitive data and applications. Now administrator access can be segmented and protected to ensure that DBAs don't have free rein. They also announced "Secure Backup" that interfaces directly to tape drives, presumably without requiring 3rd party products (release here).

Oracle has been doing security stuff within the database for years, and it hasn't been enough. That created a market opportunity for folks like Application Security and Protegrity to provide more focus on vulnerability scanning, controlling access to and encrypting specific database elements.

This is another example of Oracle's Microsoft envy. Microsoft perfected the art of sucking more and more functionality into the core platform. So as Microsoft has over time subsumed security capabilities into the OS (and that will accelerate dramatically with Vista and Longhorn), now Oracle is doing the same thing on the database.

The impact to the 3rd party vendors could be significant. 3rd parties will survive based on how well end users understand what they do vs. what Oracle does. And priced at $20,000 per CPU, Database Vault is not really priced to move. Nor does Oracle support other DBMS platforms, so that is a point of leverage for the start-ups.

The backup offering also seems a bit strange in that maybe I'm missing something, but backup is usually taken care of on a broader data center basis. So just doing it for Oracle databases seems a bit restrictive.

But these moves validate what we already know, which is that what Pragmatic Security calls "information security" (of which database security is a subset) is important. Certainly enough for Oracle to think they can sell a lot of it. And the fact that they are selling distinct capabilities (like label security, encryption, virtual private database, and secure backup) separately indicates the immaturity of this security category.

We'll see more of this security being subsumed into the database. Adding security is an obvious direction for someone like MySQL to continue adding value to the open source database.

End users should be focusing on whether Oracle's death by 1000 (or millions depending on the number of CPUs in use) cuts is the right approach as opposed to going with a start-up that won't have a similarly broad product set, but will be multi-platform.