(Belgian event) A practical example of how to protect data in an old Oracle server without changing application code
If you have older applications running on older Oracle servers and you don't want to (or can't) set up logging of the use of the data, because the application is too complicated or because you don't want to be dependent on the application (or you don't trust it),
then this practical example at Oracle is yours to follow.
This installation in a small egov environment is a first in Belgium.
The idea is that data has to be protected as close as possible to where the data is (not in front of it or on top of it, but next to it, in the Oracle database). If you put your monitoring or protection elsewhere, then a leaker only has to plug a USB device into the database server itself and copy the data (a monitoring device in front of it will always be too late, or can be disconnected). Not totally true, but that is the idea.
Secondly, instead of looking for solutions that try to follow Oracle, I look for solutions that are part of the platform, so that whatever happens (patches, upgrades) they remain part of it, and if there is a problem there is only one responsible firm (and not several products blaming each other).
Of course, this is not cheap, but it also means that if you want to do it, then this is the best opportunity to get your data out of your applications, put it in separate databases and protect those data databases as if they were Fort Knox (and Oracle now finally has the products to do so).
This also makes it possible to start thinking differently about data and to treat data differently, and you can probably even close down, merge or dramatically change existing applications that use the same data. Data quality, for instance, is then the next big thing.
So if you are in Brussels and have Oracle on the 21st of October
I will be there, proud of this one (being first in Belgian egov with this).
if you new Oracle server, these Oracle security modules are so easy and practical to implement that you wonder why they say people don't seem to understand their use here
Wait until they have to pay fines next year when there is a security breach ...
And imagine what would happen with your position and your boss if you were in the position of some big web services that are now going through the auditing and re-securisation process.