Homeland Security says outsourcing increases risk of
Oracle Database Tips by Donald Burleson
The temptation to save money with foreign Oracle development and
support has led many corporations to place themselves a great risk.
I've worked for several companies who have used offshoring for Oracle
remote DBA and applications development, usually to clean-up the
- One client has a rootkit that was e-mail
all of their sensitive data to a foreign country. They went out of
- Another client used a cheap Canadian
remote DBA provider, only to find out that they has lost all data protection
remedies under USA privacy and security laws. Many US firms are surprised
to learn that the FBI may not help you if you employ
foreign IT development and support, as it's outside their jurisdiction.
- One client used the internet for remote
foreign support and had their database hacked, causing a giant loss of
productivity and data loss. US law enforcement could not help, and US
data security laws are not enforceable in many foreign countries.
There are many compelling reasons for keeping your data and applications
under the domain of the USA and using US firms for your Oracle DBA and
Now we see a new study that suggests that globalization increases the risk of
cyberattacks. Congress is considering
breaks for cybersecurity firms, and the National Coordinating Center
for Telecommunications is developing standards for safe networking within
Computerworld article titled "Offshore Outsourcing Poses Privacy Perils"
notes just a few of the perils of entrusting your Oracle database to
citizens of foreign nations:
"Regulatory compliance can be especially difficult to manage
offshore, privacy experts said.
Under California's SB 1386 law, for instance, companies are required
to notify customers of any database breach that may have compromised
their personal data, as soon as the breach is discovered.
With overseas vendors, it becomes a lot more difficult to know
whether, and exactly when, a material breach may have occurred"
This article notes that the Department of Homeland Security suggests
that outsourcing Oracle systems might spell disaster. Greg Garcia,
assistant secretary for cybersecurity and telecommunications at the
Department for Homeland Security notes:
"Make no mistake--our networks and
systems are vulnerable and they are
exposed," Garcia said. "Our adversaries
are sophisticated, nimble and organized
and they will stop at nothing to achieve
their motives, which include economic
gain, advantage, espionage, revenge and
To respond to the threat, Garcia
called for broad collaboration among the
good guys, a call often heard from the
In particular, businesses
and organizations need to secure their
networks and sign up for partnership
efforts such as the Information
Technology Information Sharing and
Analysis Center, or
If you like Oracle tuning, see the book "Oracle
Tuning: The Definitive Reference", with 950 pages of tuning tips and
You can buy it direct from the publisher for 30%-off and get
instant access to the code depot of Oracle tuning scripts.