Beefing Up Security

SAP AG announced that it is acquiring software and related assets from its security partner Secude AG for an undisclosed amount. Meanwhile, Oracle Corp. released 66 security patches affecting hundreds of its products. Finally, disaster recovery hardware provider ioSafe, Inc. unveiled its Rugged Portable hard drive at the Consumer Electronics Show (CES).

Focal Points:

• According to SAP, the vendor is acquiring software and related assets from Switzerland-based Secude, in order to provide improved security for SAP customers. Secude offers secure login and enterprise single sign-on capabilities, as well as related consulting and development resources, SAP said. SAP is planning to offer customers a basic version of the secure login product at no charge in the second quarter. Terms of the deal were not disclosed, although SAP expects it to be completed by Feb. 1. SAP also said that it intends to keep Secude as an independent company, and will focus on building Secude's FinallySecure data-protection product line.
• On Tuesday, Jan. 18, Oracle issued 66 security patches affecting hundreds of Oracle products, including Audit Vault, JRockit, Solaris, and WebLogic Server. According to the vendor, a number of the patches are for vulnerabilities that meet the most serious risk level under the Common Vulnerability Scoring System. Six of Tuesday's patches fix vulnerabilities in Oracle's flagship database and 16 target Oracle middleware products, said the company. Two of the bugs affecting the database can be exploited remotely without a user name or password, and 12 of the middleware vulnerabilities allow for remote exploitation without authentication, Oracle added. Other patches being issued address vulnerabilities in Glassfish, JD Edwards, Oracle Enterprise Manager, OpenOffice, and PeopleSoft, Oracle announced.
• At CES, ioSafe not only launched but also demonstrated that its Rugged Portable hard drive could withstand drops, water submersion, and even blasts from a 12-guage shot gun. The drive ranges in size from 250GB to 1TB, and is priced starting at $150, said ioSafe. The hard drive's case is waterproof, and the aluminum model can protect data for up to three days in salt or fresh water at a depth of 10 feet, according to the vendor. Meanwhile, the titanium solid state drive (SSD) version can protect data in water at a depth of 30 feet, ioSafe added. Additionally, the aluminum drive can withstand drops from 10 feet and the titanium from 20 feet, said ioSafe. The rugged drive has USB 3.0 and FireWire connections, and both the aluminum and titanium models come with one year of data recovery service, which includes data recovery even in cases of accidental deletion. Service for three years costs $50 and service for five years costs $100, ioSafe added.

Experton Group believes companies of all sizes need to take a holistic approach to security and ensure that their people, processes and technologies protect corporate assets in all environments. The SAP acquisition of Secude exhibits SAP's skittishness resulting from the penalties in the Oracle TomorrowNow lawsuit. However, its embedding of a basic component of the login capability at no charge is a good move. IT executives should take immediate action to ensure they have applied the patches to the Oracle bugs that allow remote access to the database with a user name or password. Oracle needs to assure its users that no additional bugs exist that can so greatly expose corporate assets. IT executives concerned about extreme conditions at their factories, offices, or other facilities where electronic data is being stored locally should consider using hardened hard drives such as ioSafe's as part of their security protection package.