Kenneth Hee is responsible for helping out customers understand the value of Oracle security solutions and see how Oracle is playing a part in protecting the customers’ data.
Could you summarize the global scenario of identity management and database security? What securityconcern is top-of-the-mind currently? How does Oracle cater to this?
The global trend in security is very much affected by the disruption in digital economy. The digital economy is bringing a lot of changes in the way the technology is being used, especially with the arrival of mobile computing, cloud, big data and all of that. When you put on this type of technology, the role of security will be heightened, especially with the role of who has accessed what and how they should protect the data that is moving in and out of the organization will be properly secured. That is where database management and identity management play a key role. They are the key technologies, which underpin this whole disruption in this digital economy.
What is one of the most important things organizations can do today to keep their databases secure?
First and foremost we need to look at what are the assumptions made around database security. The first step is to look at them and challenge some of them if we are relying too much on the database administrator, what about the test environment, are we looking at it security beyond the production. Most important is the assumption that nothing will go wrong. We must prepare for the worst case scenario about the data in database, will it get compromised?
How is identity management becoming relevant for CSOs today?
Identity governance, if I call it correctly, today is a top level issue because all of the key executives need to really look at it so they can ensure that financial systems have the right integrity. So that customers’ data is properly protected because they have a big role and have to be accountable for it. Because of that it is becoming very relevant for CISO because has to worry not just about the day to dayoperation but as well as the larger enterprise level issues. Identity management is an enterprise wide challenge.
How are trends like mobile and social transforming and challenging traditional identity management?
Let’s take mobile as the first key challenge. In a traditional world of identity management, you probably enforce very tight password controls. If you going to the mobile world, you’re going to have a different paradigm altogether, the user expects security of identity, the passwords to be different and expect it to be available anytime anywhere to be able to use the application in a way that is most convenient to them. Now in the traditional world, they talk about identity management, you probably have one ID that you use and try to enforce a 12 alphanumeric character password. Now try doing that with your one hand operation or your phone, it is going to be rather unusable and you’re going to discourage a lot of users. Therefore, in the area of mobile you can bring Identity 2.0kind of thinking into the picture.
Socially it’s a very interesting challenge. We’re seeing a tremendous amount of pressure or the customer asking to pick their own identity in the social environment be it LinkedIn, Facebook, Twitter. He says instead of creating my identity on this social environment by registering myself, why shouldn’t I just use my social identity and lock into the system. When it comes to that type of a demand for user expectation, the identity has to evolve and that’s where identity management plays a key role in supporting that change. Whetheryou use your internal identity or allow your users to bring their own identity in the organization.
Which platforms have been introduced by Oracle in the identity management and database security portfolio? How do they work?
Oracle is a believer in the platform approach because we have two key objectives with it. First, the platform is for identity management, which secures the entire Oracle stack. We have a lot of customers that are using the entire stack be it all the way from the applications, to the database, servers, we need that ability to use identity management to secure the entire stack. The second part is the database security, we have a sizable market shareand thereforea lot of our customers would need to secure their database in a way that is most cost effective and most secure. Therefore we are able to have the right type of security solutions to answer to those kinds of challenges but the difference is not only for Oracle technology. Our key competitor also uses the same identity management stack to secure even a non-Oracle application and system. At the end of the day there will always be a heterogeneous environment that we need to look at holistically. Therefore identity management platform will need to play that role effectively.
What are some of the privacy concerns SMBE’s have these days? How does use of Oracle identity management and database security address them?
Privacy is a big issue today. Not only from the regulators perspective but the people like you and I expect the privacy of our data that is collected by the companies to be safeguarded. Identity management plays a key role in it because identity management determines who gets to access this data ensuring that the wrong person should not be able to get it and use it for malicious intent. Likewise when the data is stored in our database our database security would ensure that in case there is any vulnerability compromised, this data will be encrypted, protected and all the right information will be collected, so that we can ensure that no such vulnerability will continue in that environment. So therefore both are controlling who has access to what as well as encrypting and protecting their data are key tenants of data privacy and therefore, Oracle identity management and database security plays a very effective role in that.
Could you highlight some of the challenges faced by the IT security experts these days? How is Oracle working to tackle these?
The biggest challenge for every IT professional is how to rebalance between what arethe tactical problems as well as the strategic challenges. A lot of times the security professional may get distorted information about what they should do next. Oracle is playing a key role to help this IT security professional to understand what are some of the things that need to protect and how to prioritize it and look at what is inside in the organization and protect the most strategic data.
The second areain which we are helping is to sharing some of the innovations, which we are doing in our products so that they can appreciate and understand that what is most cost effective approach to look at.
What is the target and strategy for the Pakistani market? Which verticals are fast adopting IDM?
Our strategy for Pakistan is very straightforward. The first one that we have is to raise awareness. The awareness right now is very muchtowards perimeter security and our role is to ensure that the right kind of attention and focus will be placed on the most critical assets. The data is that assets and we need them to understand the value of this data and how to apply this to the right risk management approach to secure this data.
The second area is that which industry is right. Any industry that has sensitive datawould need that type of awareness and education. Primary one would be banks, telcos, and governmentbecause they store a lot of dataas well as smaller organizations. As long as you have sensitive data you need to protect the identity ensure that the data is encrypted and that no unauthorized access will be granted. That is essentially what we are going to do with the Pakistani market.
What benefits can be achieved with the use of Oracle’s Identity management and database security platforms?
Oracle’s innovation in the identity management is on two key important factors. First is that we offer to the market on a converged platform. Because we believe that having a unified platform will bring tremendous value to the customer and this will give better return on investment. Studies have showed that you have to pay twice the amount of the platform solution,so that’s the first benefit we offer to the customer.
Second, Oracle is constantly looking at new emerging challenges. Our customers have been telling us that whatever they invest in is not only for theproblem today but for tomorrow. So the solution must stand the test of time as well as be ready for new challenges with cloud, social, and mobile. So that’s where Oracle invests in innovation to help our customers to get more value from the solutions.
Does taking these precautions add a burdensome amount of additional effort to anorganization, or push out application and database deployment schedules?
It has been proven that doing the thing right at the first time is always less painful than trying to rush into getting a system to go live. The benefit is that if you’re able to prioritize it correctly you will see that security will be more effective and that will be most viable approach.
Watch Kenneth Hee’s exclusive interview with IDG on WebStudio TV.