Friendly Breaches? Not with Oracle IRM and URM, except at Oracle

I do respect Oracle for being an early adopter of their own products internally, including a very large implementation of the latest Oracle E-Business Suite.  Unfortunately, it appears that Oracle does not run all their products everywhere. 

Today, Billy Cripe of the Oracle Fusion Enterprise Content Management blog discussed Oracle's Information Rights Management (IRM, formerly SealedMedia) and Universal Records Management (URM) products.  The IRM product is used to encrypt sensitive information everywhere including desktops, e-mail, file servers, etc.

The ironic part is that today the Breach Blog posted information on a security breach at Oracle due to a lost laptop.  A few weeks ago Oracle disclosed to the New Hampshire Attorney General that a lost Oracle laptop contained confidential information on 123 employees at recently acquired Lodestar.  Since the New Hampshire privacy statue requires notification when sensitive data is not encrypted, I have to assume the data was unencrypted on the laptop and Oracle IRM was not being used.

 Share this post