Oracle wants to rein in database admins

Security software aims to prevent database administrators from accessing sensitive stored data.

Joris Evers Staff Writer, CNET News.com

Joris Evers covers security.

Joris Evers

April 26, 2006 4:17 p.m. PT

2 min read

In the age of insider threats and regulatory compliance, Oracle doesn't think administrators should have full rein over the information in databases they manage.

The business software giant is readying new software that puts access restrictions on database administrators. The new Oracle Database Vault, due out next month, enforces access controls to help companies meet regulatory and privacy mandates and protect against employees with malicious intentions, said Wynn White, a senior director at Oracle.

"We're taking away the keys to the kingdom from these guys," White said. "You want to be able to give them access to information they need to do their job, but you don't want to give them more than they need."

The Database Vault features will be in demand, especially for databases that contain private data, Forrester Research Analyst Noel Yuhanna said. He estimates that to be one-third of all database systems that are in use. "Enterprises want their administrators to manage their databases, not data," he said.

Oracle is leading the pack of database makers with the new access restriction features, Yuhanna said. "Microsoft, IBM and Sybase don't have anything like this," he said. However, the competition likely will have similar features available in the not-too-distant future, he added.

In addition to the database makers tightening the security of their databases, several other companies including Guardium, Tizor and Crossroads Systems offer products that monitor access to the data stores. These companies also pitch their products as the solution to regulatory woes.

Oracle plans to sell Database Vault as an add-on for the Enterprise Edition of the Oracle Database. It will cost $20,000 per processor or $400 per unique user and work with version 10g Release 2, the most recent version of the company's top-of-the-line database product released last year.

Instead of selling the access restriction functionality as an add-on, Oracle should have included it in their core database product, Yuhanna said. "A lot of customers are going to be demanding that," he said. "It has to be seen if IBM and Microsoft are going to offer similar products at similar cost, or as part of their databases."

In addition to the Database Vault, Oracle on Wednesday plans to announce new software that allows encrypted backups of information stored in databases. Called Oracle Secure Backup, the software can encrypt and copy data onto a tape storage device, Oracle said. The software, available now, works with many versions of Oracle's database and costs $3,000 per tape drive, Oracle said in a statement.