System News for Sun Users

Prioritizing Your Database Security Patches

2013-04-22T16:00:00+01:00

"Patching databases can be painful, but the presence of critical vulnerabilities can make closing security holes quickly necessary...

Prioritizing patches is tricky enough when organizations are not thinking about the downtime that can result from taking down a production database. When that comes into play, however, the patching process can slow down -- so much so that databases can be months behind in critical updates..."

Digging through Data Can Be Path to the Future

2013-04-22T16:00:00+01:00

"Canadian-based Maritz Loyalty has found data mining software to be a gold mine for its customers. Read why this category of solutions is important to organizations

Number-crunching has never been easier thanks to powerful PCs, software and servers. But what data gets crunched and how has never been more difficult to decide.

That's what Mississauga, Ont.,-based Maritz Loyalty Marketing wanted over a year ago when it began looking for a data mining solution..."

Do You Need an EDW?

2013-04-22T16:00:00+01:00

"In the early 2000s, data warehouses were the iPhones of the IT world: everyone had to have one. They were cool, great for snazzy demos, could be piggybacked by a bunch of applications and cost a truckload of money. There was no shortage of reasons for having a data warehouse, and some of the business cases made for wonderful reading.

Nearly a dozen years down the line, not a lot has changed on this front. CIOs still love data warehouses, but there have been other developments that need to be added into the business case..."

Open Your Data to the World

2013-04-22T16:00:00+01:00

"When Neil Fantom, a manager at the World Bank, sat down with the organization's technology team in 2010 to talk about opening up the bank's data to the world at large, he encountered a bit of unfamiliar terminology. "At that time I didn't even know what 'API' meant," says Fantom.

As head of the bank's Open Data Initiative, announced in April 2010, Fantom was in charge of taking the group's vast trove of information, which previously had been available only by subscription, and making it available to anyone who wanted it. The method of doing that, he would learn, would be an application programming interface..."

Poor Data Quality That Kills

2013-04-22T16:00:00+01:00

"In my previous post, I made the argument that many times it's okay to call data quality as good as it needs to get, as opposed to demanding data perfection. However, a balanced perspective demands acknowledging there are times when nothing less than perfect data quality is necessary. In fact, there are times when poor data quality can have deadly consequences..."

How to Improve DBA and Security Team Relations

2013-04-22T16:00:00+01:00

"If ever there were an "odd couple" tension of Oscar and Felix proportions within the IT operations community, it would be the mismatch between database administrators (DBAs) and the security pros tasked with managing risk on the data stores the DBAs keep humming. DBAs are "performance junkies," according to John Kindervag, principal analyst for Forrester Research. Meanwhile, many IT security professionals came up through the ranks of network administration ranks and know very little of the arcane world of fields, tables, and queries..."

No, not every database was created equal. Here's how they stand out

2013-03-18T16:00:00+01:00

"The usability of health and other information technology systems has long been a challenge.

And there are a number of common misconceptions as to why the problem persists, according to Nancy Staggers, RN, a professor of Informatics at the University of Maryland�'s School of Nursing, and Lorraine Chapman, Director of Use Experience Research at Macadamian Technologies, a user experience design and software development firm that does work in the health care field... a list of the top 10 usability myths..."

Clinicians are uncomfortable with technology
Health care workers want all their information on one screen
The system with the most features will win a purchase decision
If users like a feature or a function on their desktop devices, they�'re going to love it on their mobile devices
If clinicians are allowed to customize their screens, they�'ll be happy with their systems
Usability is subjective
Usability is only about a pretty face
Usability stifles innovation
Usability is the sole responsibility of the vendor
Meaningful Use Stage 2 is a year away �- we have time to develop new systems

Read on for details

Database security is too complex to implement

2013-03-11T16:00:00+01:00

"A recent GreenSQL survey of IT professionals worldwide concluded that 31.4% of security professionals believe that database security implementation is too complex, making it their number one obstacle. Almost 20 percent think that requirement for dedicated personnel or special expertise is yet another hurdle in putting in place database security..."

Don't Believe the IT Hype: Ye Cannae Change the Laws of Physics

2013-03-04T17:00:00+01:00

"It's fun to be on the receiving end of IT advertising. The vendor's ads start by promising to solve your business problems better than the competition can, and then the superlatives begin to snowball until an answer to global warming and a solution for war in Iraq are both in there among the plug-ins you can buy to make your purchase extra-worthy.

There comes a point, however, where you have to ask yourself: why do I need to buy this? Is it really all it's cracked up to be? Could I do it just as well myself, or via some other means?..."

Restarting Database Security

2013-02-06T17:00:00+01:00

"How do we put together a database security program?"

"That has been the most common database security question I've received in the past nine months. I've been surprised by the number of firms that have asked for my assistance with setting up a database security program -- mostly because large firms are the ones that already have parts of a program in place. More to the point, both large and midsize firms, which have at one time bought database security products and have some database security processes, see they have a problem..."

Unlock the Value of Data: Share It

2013-02-05T17:00:00+01:00

"Information becomes more valuable when somebody can make a good decision based on it. A list of winning lottery numbers may be worth millions before the drawing and nothing afterward. The correct information at a doctor's fingertips may save a patient's life.

To discover, generate, collect, store, protect, mash up, analyze, distribute and retire information, we use technologies to manage the information lifecycle. Notice that we just defined information technology..."

You Still Stink At Patching Databases

2013-01-23T17:00:00+01:00

"Only about a fifth of organizations patch their databases within three months, and that number is unlikely to get better anytime soon, experts say Last week's quarterly Critical Patch Update from Oracle fixed only one issue in the software giant's core database product, which is pretty fortuitous for most enterprises because even after years of warnings about it, database patch cycles still continue to lag. In fact, the numbers show that enterprises may actually be getting worse at patching databases rather than improving..."

Manage MySQL from Windows with these five apps

2012-12-28T17:00:00+01:00

"MySQL is one of the most popular database servers on the planet. It�'s free, open source, and as powerful as any other database around. MySQL is also cross-platform; and, like with Linux, there is no built-in GUI tool for Windows. However, that�'s not really an issue because there are plenty of GUI tools available that can manage your MySQL database - even from the Windows environment. These tools can connect to both local and remote databases; so it doesn�'t matter of your MySQL server is on the Windows machine or a Linux server.

I have found five outstanding MySQL managers for you to examine. Of these five, you will certainly find one that will help you manage all aspects of your MySQL databases..."

Don't Throw Away Your DAM Money

2012-12-27T17:00:00+01:00

"After being in the technology vendor space for a long time, Caleb Barlow had an attitude adjustment coming when he started meeting with customers of IBM's Guardium database activity monitoring (DAM) product. He found that their biggest complaint wasn't about what isn't in the product, but what is there -- and they just don't know about yet..."

Making Database Security Your No. 1 2013 Resolution

2012-12-20T17:00:00+01:00

"As the IT community struggles to push itself off of the proverbial mat, bloodied and beaten by yet another 365 days of bruising data breaches, now's the time to start thinking about a new year of security resolutions. Considering that the weak state of many enterprises' database infrastructures has been the glass jaw to suffer the bulk of the knockout breaches of 2012, it makes sense to put database security at the top of the list of 2013 resolutions. The question is whether IT executives will see fit to shift their priorities to an area that has traditionally seen very little focus beyond meeting bare minimum reporting requirements..."

10 of the Most Useful Cloud Databases

2012-12-18T17:00:00+01:00

"IDC predicts that big data is growing at an annual rate of 60% for structured and unstructured data. Businesses need to do something with all that data, and traditionally databases have been the answer. With cloud technology, providers are rolling out more ways to host those databases in the public cloud, freeing users from dedicating their own dedicated hardware to these databases, while providing the ability to scale the databases into large capacities. "This is a really huge market given all the data out there," says Jeff Kelly, a big data expert at research firm Wikibon. "The cloud is going to be the destination for a lot of this big data moving forward."

A Guide to Practical Database Monitoring

2012-12-17T17:00:00+01:00

[Excerpted from "A Guide to Practical Database Monitoring," a new, free report posted this week on Dark Reading's Database Security Tech Center.]

"Database activity monitoring, a form of application monitoring, examines how applications use data and database resources to fulfill user requests. DAM captures and records database events -- which, at minimum, includes all SQL activity -- in real time or near real time.

DAM is focused on the database layer, which allows for a contextual understanding of transactions, or how multiple database operations constitute a specific business function.

If you want to understand when administrators perform unauthorized alterations or view sensitive information, or be altered when systems are used in a manner inconsistent with best practices, DAM is a good choice..."

5 Steps For Good Database Hygiene

2012-12-05T17:00:00+01:00

"Some of the most important ways to reduce risk boil down to the fundamentals of security. Keep systems well-patched, prevent data from spreading around, make sure systems are properly segmented, and watch where you store valuable log-in data. Much like flossing, these good habits require day-to-day maintenance that will reap long-term benefits. Here are what the experts say about the kinds of actions necessary to keep up on good database hygiene..."

Semantic Databases: Destiny or Distraction?

2012-12-05T17:00:00+01:00

"Don't buy into the idea that semantic database technologies are just for consumer-facing services such as BBC Online or the semantic Web initiatives embraced by the likes of Best Buy and Cisco. In much the same way that consumerization drives innovation in end user computing, semantic database technologies deliver benefits that businesses of all stripes should be exploiting..."

Six Free/Open Source Databases with Commercial-Quality Features

2012-12-03T17:00:00+01:00

"We tested six popular free or open source relational database management systems (RDBMS): Microsoft SQL Server Express, PostgreSQL, Oracle�'s MySQL, MariaDB, Apache Derby, and Firebird SQL. We tested each product on ease of installation, documentation, features, management tools and performance using a log file containing more than 1 million records. Here are the individual results..."

Threats And Security Countermeasures

2012-11-28T17:00:00+01:00

"How do you secure a database? I get that question a lot. After 15 years of people asking, my reaction is almost instinctual.

"How do you secure Big Data environments?" is the new question people ask. The first time someone asked me this, my gut reaction was to consider what security features we have in relational systems, how they protect data and the database, and then show which facilities are missing from big data clusters..."

How-to: get started with MySQL

2012-11-19T17:00:00+01:00

"Long a staple of open source computing, MySQL serves as the database back end to a massive array of applications, from network monitoring frameworks to Facebook. To those uninitiated in how databases work, setting up MySQL for the first time can be somewhat daunting. Nevertheless, with a few pointers and concepts, you can quickly get a new MySQL instance up and running, ready to deploy your application..."

The Root of All Database Security Evils = Input

2012-11-15T17:00:00+01:00

"Some of the most embarrassing database breaches of the past few years boil down to one big root cause: poor input validation and sanitization imposed by developers who create Web applications that tap into these data stores. In the rush to get code compiled and out the door, developers create input fields that allow users to type in anything they want. That's fine for most users who just need to type in their usernames, a search term, or an address and phone number. But when the bad guys get their hooks into these unchecked input fields, they're one step closer to hacking the database..."

Nightmare on Database Street: 5 Database Security Horror Stories

2012-10-25T16:00:00+01:00

"Database security may not be quite as sexy as a teenage party in a classic horror film. But when it's done wrong, technology executives, CEOs, and customers alike would shiver at the consequences. Don't think so? Then read just a few of the horror stories laid out by some of the grizzled penetration tester vets we quizzed here. Their exploits show how scary bad database security can really be..."

Dodging 5 Dangerous Database Default Settings

2012-10-11T16:00:00+01:00

"Out-of-the-box settings and weak configuration of databases make it easier for thieves to break into data stores and harder for IT to quickly detect breaches ...

Even as enterprises spend buckets of cash on data defenses at various layers of IT infrastructure, many of them sabotage their efforts by ultimately storing that information in poorly configured databases. Whether due to legacy application logistics, convenience to administrators, or lack of awareness by DBAs, databases set up with out-of-the-box settings are all-too-common within the enterprise..."

Encrypted Query Processing

2012-09-24T16:00:00+01:00

"Encrypting data is one of the most basic -- and most effective -- data security measures we have at our disposal. But when used with relational databases, encryption creates two major problems..."

Attack Easily Cracks Oracle Database Passwords

2012-09-20T16:00:00+01:00

"A researcher tomorrow will demonstrate a proof-of-concept attack that lets outside attackers and malicious insiders surreptitiously crack passwords for Oracle databases with a basic brute-force attack. Esteban Martinez Fayo, a researcher with AppSec Inc., will show at the Ekoparty security conference in Buenas Aires, Argentina, an attack exploiting cryptographic flaws he discovered in Oracle's database authentication protocol. It lets an attacker without any database credentials brute-force hack the password hash of any database user so he then can get to the data.

Martinez Fayo and his team first reported the bugs to Oracle in May 2010..."

DBAs And Developers Need To Better Segment Data Access

2012-09-17T16:00:00+01:00

"It's hardly a new idea for network administrators to use segmentation and the development of DMZs to better partition and protect sensitive systems away from rest of the IT infrastructure asset herd. But to DBAs and Web application developers, these ideas may be a little more foreign. According to many data security experts, though, application and data owners would do well to learn a few lessons from their networking brethren.

With better logical separations within database and application environments, organizations could stand to mitigate risks when hackers compromise parts of the data-bearing infrastructure, they say..."

10 Ways Developers Put Databases At Risk

2012-09-12T16:00:00+01:00

"Many of today's Web applications rely on enterprises' most sensitive data stores to keep order systems running, partner companies collaborating, and internal users in touch with important business information no matter where they are.

While such easy access to business-critical data has greatly improved worker productivity and loosened the pocketbooks of customers, it has also opened up that data to considerable risk. Unfortunately, much of the risk is introduced by developers who lack the resources to code these applications without vulnerabilities that open databases to compromise -- be it time, money, education, or support from executives..."

Buzz Grows Around Graph Databases

2012-08-29T16:00:00+01:00

"Graph databases, which store and query connected information, are starting to emerge as a way of dealing with data delivered in a nonrelational format, such as social networking data.

With a graph database, the focus is on the connections between data..."