'Enterprise security has to evolve,' says Oracle

Enterprise defence is evolving - from perimeter defence to the security of business critical information, according to Oracle in a keynote speech at the RSA Conference in San Francisco.

It said organisations were concentrating more on securing business critical information and applications, whereas previously it was more about perimeter defence and defending from the outside - threats like denial of service attacks, spam, spyware and viruses.

"There are three primary security challenges that organisations have today," said Thomas Kurian, senior vice president of Oracle Server Technologies Development.

"Number one is that businesses are not secure, two is that the cost of protecting information is growing, and three is that the way that you have to secure this information is complex and challenging for many organisations."

He said that business critical information was not currently secure because there were lots of places where it was being stored.

"You have sales contracts that are in your CRM system. You've got financial contracts in your ERP system. You've got hundreds of business critical documents that are scattered on different file servers and document depositories," said Kurian.

"Email retention is now a business critical issue because legally it is seen as a system where email needs to be stored and managed. Many users have access to these depositories, and so by this very nature, it is not secure."

He also said that even if businesses attempted to secure the information, costs were escalating increasing because of new technology and applications coming out as well as the move to self service applications.

Kurian ended the keynote by saying: "We at Oracle have watched the whole enterprise security initiative evolve over the last three, four, five years."

"Fundamentally the nature of what needs to be secured, what security vulnerabilities occur and what causes them has changed," he continued.