monash logo '03.gif (2709 bytes)

Our Services

Our Staff

Guide to Search Engines

How Search Engines Work

Testimonials

Our Research

"Curt Monash's publications provide unmatched insight into
technology and marketplace trends. I have read them avidly for over a decade."

--Larry Ellison, Chairman
and CEO, Oracle

"Curt Monash possesses the rare ability to distill the essence of technological issues into understandable terms. He is particularly adept at melding a firm's product positioning, corporate strategy, and valuation parameters into a concise and coherent framework upon which one can make an informed investment decision. He is a trusted resource."
 
Matthew P. Kaufler, CFA
Portfolio Manager
Clover Capital Management, Inc.

Note To Folks Looking for Monash University

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Security, Forensics, and Privacy in the Database

The main marketing theme for Oracle9i was “unbreakable”, specifically with a heavy focus on security.  Even with that marketing hoopla, however, only a few industry segments cared much about the security aspect -- namely some of the ones that always care about security, such as national defense.   Outside of those industries, it seems that security is not a major competitive issue, and advanced security features get little use.   

That’s a pity, because there’s a lot of substance to go with the marketing hype. Oracle offers value-based security in applications (Virtual Private Database), pre-built tools to administer this security outside the application (Oracle Label Security), and forensic tools to monitor suspicious activity or analyze it after the fact (SelectiveAudit).  Oracle’s major competitors lack some of these features, but at least provide the framework on which similar capabilities could be built. 

DBMS-based security could, if more widely used, provide considerable benefits.  If nothing else, a large fraction of all OLTP applications need built-in security, and it’s easier to provide this through the database’s security features than it is to code it from scratch.   Also, internet and intranet document search could in many cases be much upgraded if highly sensitive documents were eligible to be included alongside less sensitive ones.  While leading specialty search engines offer flexible document-level security features of their own, DBMS-based security could offer extra real and perceived security, permitting some more such applications to get off the ground. 

Even more important are privacy-specific uses, in both health care and homeland security applications.  There are life-and-death treatment reasons to integrate the entire history of a person’s medical care.  And homeland security could benefit greatly if, for example, all of a person’s credit card transactions were tracked together.  Neither of these data integration efforts will -- or should! -- be completed without radical upgrades to privacy safeguards, legal and technical alike.  DBMS-based security is a huge and hugely necessary component of the technical solution. 

It’s difficult to judge what exactly how much to invest in security.  But if tools make it relatively easy to add extra levels of security – without inconveniencing end-users – then in a whole lot of cases it’s a good idea to use them.

 

 

 

For more information, please contact Curt Monash or Linda Barlow.

To reach Monash Information Services by phone, please call 978-266-1815.

 

 

Copyright 1996-2003, Monash Information Services. All rights reserved.
Updated: 05/10/04