For government agencies using Oracle EBS, securing both production and non-production databases, is now more important than ever. The New York Times recently reported that the so called “hacktivists” group “Lulz Security” is waging a virtual war on government agencies. Additionally, a recent report by antivirus vendor McAfee described a 5 year hacker operation that targeted more than 70 U.S and foreign government agencies, defense contractors, and international organizations.
Like their private sector counterparts, government agencies tend to spend time and money on ensuring their live, production databases remain safe and secure, but typically less emphasis is put on securing non-production databases. In essence, there is a guard at the front door, but the back door is being left wide open.
According to a 2009 Ponemon Institute study, “Cost of Data Breach“,80% of companies surveyed reported using real production data in testing environments while 75% share live data with third-party vendors and offshore teams. The study also reports that 42% of all data breaches were the result of third-party mistakes or flubs.
Those organizations that do spend some effort on securing non-production databases often choose to manually write scripts to mask data – field by field. Many of the governmental groups Unitask has spoken to and worked with indicate their primary non-production data security measures amount to manually writing scripts to mask data before they are shipped off to third-party vendors for testing. The current issue they are faced with is the risk of exposing sensitive data both internally and externally. Unfortunately, manually securing data is often an error-prone process. Miss just one of the hundreds of sensitive data fields and you’re still at risk of hackers accessing live sensitive data.
To respond to both the challenges of keeping data secure in Oracle EBS and the difficulty and inherent errors associated with manually writing scripts to mask data, Unitask Security Director has been developed to provide an automated, error-free approach to securing non-production databases in Oracle EBS. Unitask Security Director automatically scrambles all the numerous sensitive data fields in Oracle EBS non-production databases – in just 5 steps – all without impacting production database uptime or functionality. And in the event a hacker did gain access, the scrambled data would be useless to them, but still useful to developers and testers.