More Related Content Similar to David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Changing Environment? (20) More from Government Technology and Services Coalition (20) David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Changing Environment?1. A Pragmatic Approach to a Secure
Information Environment
David Knox
VP Technology
Oracle National Security Group
2. Three Things to Think About
Security Drivers & Governance
Protecting Our Systems
Cutting-edge Innovations
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
1
2
3
2
4. “A” is for Assets
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
5. “B” is for Brand
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
6. NIST FIPS 140-1 & 201
OFAC
21CFR Part 11 CA SB 1386
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Sarbanes-Oxley
FTC 16 CFR 314
Patriot Act
PCAOB Audit
WA SB 6043
ND SB 2251
IL SB 1479
PA SB 705
PIPEDA
HSPD-12
FERPA FISMA PL107-347
EU Privacy
GLB
Basel II
BSA
HIPAA
Compliance
7. Getting a Handle on Compliance
Ensuring Reality is in line with Theory
Discover Classify Assess Monitor
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
• Automated Asset Discovery and Grouping
• Patch Management
• Configuration Controls
• Enterprise Compliance
• Continuous Monitoring
Monitor
Configuration
Management
& Audit
Vulnerability
Management
Fix
Analysis &
Analytics
Prioritize
Policy
Management
Asset
Management
8. Three Things to Think About
Security Drivers & Governance
Protecting Our Systems
Cutting-edge Innovations
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
1
2
8
3
9. • Mitigating Insider Threats requires
mandatory controls and auditing
• Cloud (Administrators) introduce new
risks
• Persistent threats from Cyber attacks is
the new normal
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
9
Leverage Protections for the Cyber, Insider Threats & Cloud
10. Network
uthenticate
KING 18031
SCOTT 14220
PIERMAR 17170
KNOX 12029
KYTE 17045
CAREY 12032
HOECHST 18029
Org 30
Authentication Access
sfING
SCOjd
ByAgE
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Data
Protection in Context
Privacy &
integrity of
data
Monitoring &
auditing
Privacy &
integrity of
communications
control
SMITH
gAMES
fONES
MIER
Org 10
Org 20
Admin
11. Three Things to Think About
Security Drivers & Governance
Protecting Our Systems
Cutting-edge Innovations
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
1
3
11
2
12. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Continuous Monitoring
High Ingest with Query
• Approaching 200,000 EPS; 3 Billon (4TB) rows/day
• From 12 users to > 100; Query response 70X faster
– Most queries sub-second, longest query < 60 seconds
• 14 Days of data retained expanded to 5 years
– Enabled new queries which give needed insight
• Data Compression 14X
• 7:1 Reduction in Floor Space: Cost Savings 10X
13. Innovations in Infrastructure Create New Capabilities
Software
in Silicon
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Performance
In-Memory Acceleration
Engines
Reliability &
Security
Application Data
Integrity
Capacity
Encryption &
Compression
Engines
14. Reliability & Security: Application Data Integrity
Revolutionary Change to Memory Architecture
• Database In-memory places terabytes of data in memory
– More vulnerable to corruption by bugs/attacks than storage
• SPARC M7 Application Data Protection stops memory
corruptions with no impact on performance
• Hidden “color” bits added to pointers (key), and content (lock)
• Pointer color (key) must match content color or program is aborted
• Prevents access off end of structure, stale pointer access,
malicious attacks, etc. plus improves developer productivity Memory
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Pointers
Memory
Content
15. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Concluding Points
• Security in-depth with practical governance
– Security is more than authentication and firewalls
– Apply proven, natural and intuitive practices
• Protection techniques mitigate all risks
– Cloud
– Cyber
– Insider threats
• Innovations in technology, innovations in thinking
16. Safe Harbor Statement
The preceding is intended to outline our general product direction. It is intended for
information purposes only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, and timing of any features or
functionality described for Oracle’s products remains at the sole discretion of Oracle.
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
16