It's good to see that Oracle is concerned about mobile security.
A Computing Canada story says the company and its large universe of database administrators is teaming with Nokia to enable remote users to efficiently access data stored in the Oracle Collaboration Suite. Security, the piece suggests, will be a big issue in creating the platform.
The glass half-full approach view of this news is that the efforts of Oracle and Nokia -- powerhouses in their respective fields -- are a step forward. The glass half-empty view is that the story portrays an industry that is just coming to grips with tremendously vital and fundamental security questions.
Both views are correct. Security is a hot issue, of course, and a highly secure end-to-end, database-to-mobile-device connection is increasingly important as regulatory and legal requirements become more rigid and increasingly sophisticated remote applications cull more sensitive data from databases.
Some of the issues raised in the story, however, should have been dealt with long before deployments started, especially for companies that will put a lot of sensitive documents in the air. Oracle does this, of course, when it runs mobile customer relationship management (CRM) and other mobile applications and platforms.
In the story, the director of the Toronto Oracle Users Group says that enterprises must be sure they need mobility in the first place. On the surface, that seems like a good point. But isn't this a question companies should have been dealing with two or three years ago?
In any case, it's good to see that concerns about mobile security involve the database as well as the mobile element of the data's journey. Security measures are employed at several layers: For instance, passwords and biometrics control access to networks, while 802.11i is a standard that better encrypts the data that is traversing that network. They are separate, and each is complex in its own way.
The point simply is that security is a highly complex undertaking. We're not engineers, but in such a landscape it makes sense to include the database directly in the security mix, not bifurcate security into database and mobility sectors that are somehow meant to mesh with each other.