Oracle Commercializes Security Developed for U.S. Intelligence Agency

Oracle9i(TM) Database Option Provides Stringent, Yet Easy to Implement, Data Security and Privacy; Meets Latest U.S. Government Standards

REDWOOD SHORES, Calif., Feb. 28 /PRNewswire/ — Oracle Corp. (Nasdaq: ORCL), the largest provider of software for e-business, today announced the immediate availability of Oracle(R) Label Security, a powerful Oracle9i Database option for controlling access to critical data. Developed for the U.S. government to protect highly confidential information, Oracle Label Security is now commercially available to organizations looking to achieve the right balance between sharing and securely separating data for confidentiality or privacy reasons. This option requires no programming and allows customers to use sensitivity tags, known as labels, to secure mission-critical data at the row level, instead of at the table level, whether the data resides within the e-business or at an online service provider’s facility.

Information security has become one of the top concerns of e-business. According to a 2000 Global Security Study conducted by InformationWeek Research and PricewaterhouseCoopers, 71 percent of executives, IT managers and security professionals surveyed ranked information security as a high priority for business. Whereas in the past, organizations needed highly specialized, expensive proprietary software to achieve row-level access control, businesses and government agencies can now take advantage of the Oracle Label Security option, which runs on standard commercial operating systems.

“As organizations move more of their critical business information online where it is accessible to employees, customers and partners, they require additional levels of security as well as flexibility,” said Chris Christiansen, IDC analyst. “There are important new technologies emerging in the market that reinforce traditional security technologies — data encryption and firewalls. With Oracle Label Security, customers can solve sophisticated data access control requirements with an easy-to-implement, cost-effective solution.”

Oracle Label Security attaches security directly to the data where it cannot be bypassed, whereas conventional methods required complex application coding. Traditionally, databases assign “privileges” or “roles” at the table level and require an additional layer of application code to grant access at the row level. This security layer can be easily bypassed when a user obtains access to the database from outside of the application, using other applications or tools. By attaching access control directly to the underlying table, Oracle Label Security helps eliminate this security risk.

In the past year, Oracle has introduced two major security technologies designed to work together to dramatically increase data security and privacy. Oracle Label Security builds on the Oracle8i Virtual Private Database (VPD) feature, which provides server-enforced, fine-grained access control. With Oracle Label Security, customers receive row-level security with added flexibility in granular access control, without having to write any code. Despite the fact that this level of granular data access security is required by the U.S. Government to secure contracts, Oracle is the only database vendor to offer it. Oracle Label Security is a unique part of an overall security solution that companies can use to comply with recent government regulations. Oracle Label Security helps companies within the health care industry — private and government agencies — comply with the electronic transaction standards adopted under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Oracle Label Security also helps companies within the financial services and retail industries comply with consumer privacy requirements adopted under the Gramm-Leach-Bliley Act of 1999.

Greater Economies of Scale for Online Service Providers With Oracle Label Security, Application Service Providers (ASPs) and Managed Service Providers (MSPs) can achieve greater economies of scale for a more cost-effective model. Providers no longer need to maintain separate database instances for each customer to achieve secure separation of data. Instead, providers can host data for multiple subscribers within a shared database instance. Oracle Label Security permits service providers and/or subscribers to label data at the row level to ensure subscribers can only access data they own.

“As the only fine-grained, data access control product available, Oracle Label Security exemplifies the features and options of the Oracle9i Database to address emerging needs of e-business and software hosting,” said Chuck Rozwat, executive vice president of Server Technologies at Oracle. “We are focused on offering technology innovations that will make a tangible impact on e-business, in terms of increasing productivity and reducing costs and risks associated with managing large amounts of information.”

Availability

Currently shipping as an option to Oracle’s flagship database, Oracle Label Security is immediately available for purchase on Oracle Store: http://oraclestore.oracle.com/ .

About Oracle Oracle Corporation provides the software that powers the Internet. For more information about Oracle, please call 650-506-7000.