Oracles top security guru

By Lisa Vaas  |  Posted 2003-12-08 Print this article Print

on securing the database"> eWEEK.COM: Relating to the fact that you just addressed the Cyber Security Summit, Im wondering, are databases a particular point of weakness in national security? DAVIDSON: Consider the human body, which also includes a number of organs with disparate functions, all of which are geared to preserving the life and health of the individual. You might ask whether the heart is more at risk than the liver? Or the immune system? Or the brain? You cant answer the question without understanding what the risks are to each organ, and what other risks there are to the system as a whole (e.g., people who skydive are at greater overall risk than those who sit on the porch knitting).
As with any other type of systems, national security systems are themselves subject to risk mitigation. That is, what is the threat (to the system)? What are the remedies for those threats? Can we completely mitigate the threat, or is there risk that we cannot reduce? Some of these risks will vary "body by body." It is not as if there is only one database for all national security; there are many, used for different purposes, in different configurations. At the macro level, databases are actually part of our ability to ensure national security because they are the workhorses for so many defense and intelligence entities in terms of data collection, analysis, including our ability to tie seemingly unrelated events together (connecting the dots), and the like. eWEEK.COM: What about when it comes to small/medium database users—are their database protection practices prone to being compromised—more so than large enterprises or government usage? DAVIDSON: Again, you cant come up with a blanket statement without looking at the overall "body of health." For example, if you dont secure the operating system, the database that runs on it can be at risk even if the database itself is configured securely. For example, if I lock my jewelry box, but the burglar breaks into my house, she can walk off with the jewel box—so much for the lock! Also note that many users have databases in their systems they may not even know about. This was one of the reasons Slammer spread so virulently, because of the embedded databases in other products that the customer/user did not even know was there and thus did not know to patch. Its as if your basement flooded in a hurricane, and you were astonished because you did t even know you had a basement, or youd have sandbagged it. [Editors Note: Click here to read about last springs infamous SQL Server onslaught.] Next page: Common mistakes made when securing the database.

Lisa Vaas is News Editor/Operations for and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel