New Oracle software helps firms control access to critical data

Oracle Corp. has announced the immediate availability of Label Security, a powerful Oracle9i Database option for controlling access to critical data.

Developed for the U.S. government to protect highly confidential information, Oracle Label Security is now commercially available to organizations looking to "achieve the right balance between sharing and securely separating data for confidentiality or privacy reasons." according to Oracle.

According to Oracle, this option requires no programming and allows customers to use sensitivity tags, known as labels, to secure mission-critical data at the row level, instead of at the table level,whether the data resides within the e-business or at an online service provider’s facility.

Oracle Label Security attaches security directly to the data where it
cannot be bypassed, whereas conventional methods required complex
application coding.

Traditionally, databases assign “privileges” or “roles” at the table level and require an additional layer of application code to grant access at the row level. This security layer can be easily bypassed when a user obtains access to the database from outside of the application,using other applications or tools, according to Oracle. By attaching access control directly to the underlying table,however, Oracle Label Security helps eliminate this security
risk, it is claimed.

In the past year, Oracle has introduced two major security technologies
designed to work together to dramatically increase data security and
privacy. Oracle Label Security builds on the Oracle8i Virtual Private
Database (VPD) feature, which provides server-enforced, fine-grained access control.

With Oracle Label Security, customers receive row-level security
with added flexibility in granular access control, without having to write any code.