Third Parties Can't Help

By Brian Fonseca  |  Posted 2004-11-29

New, small, third-party database security vendors are trying to convince customers that additional muscle is needed to secure their databases. Do you agree?

There's a lot that goes into phases of securing your database, like good testing and instructive testing. That's something a third party cannot help you with. It's our code. If we can't do that, there's nothing a third-party database vendor can help you with. Secondly, in terms of the [database's] security features and functions, it's our product, and we feel we do a better job with our customers. We don't lose business on security. We have features they don't have, more granular access control and more granular auditing. We've spent millions having other people validating we've done our jobs properly. In general, that's an achievable hurdle for both large and small vendors.

What are some of your customers' biggest concerns for database security?

A number of companies feel uncomfortable with the thought that "I can't trust my internal users." I think a lot of [fears] are driven by regulatory compliance, in a way forcing them to do good things they may have not done before. I have had discussions with customers that are on products that have not been supported for 10 years, and they never applied patches. Now they want you to do security analysis to tell them if they're at risk. Particularly, these seem to be people running mission-critical systems. I think the assumption is that nothing bad happened and nothing ever will.

In general, have large-scale database and software vendors taken steps to better secure their users' systems?

[For] the industry as a whole, there are things we need to do better. I want to make it as easy as possible to use and operate Oracle as securely as possible. What you want to do is make it easy for customers to say, "Yes, I know what my risk is, I know where the patch is, and I can apply this patch" if they want. People will make business decisions on whether [they] want to apply this patch or not.

Brian Fonseca is a senior writer at eWEEK who covers database, data management and storage management software, as well as storage hardware. He works out of eWEEK's Woburn, Mass., office. Prior to joining eWEEK, Brian spent four years at InfoWorld as the publication's security reporter. He also covered services, and systems management. Before becoming an IT journalist, Brian worked as a beat reporter for The Herald News in Fall River, Mass., and cut his teeth in the news business as a sports and news producer for Channel 12-WPRI/Fox 64-WNAC in Providence, RI. Brian holds a B.A. in Communications from the University of Massachusetts Amherst.
