SlideShare uma empresa Scribd logo

Best Practices for implementing Database Security Comprehensive Database Security

K
Kal BO

Best Practices for implementing Database Security Comprehensive Database Security Saikat Saha Product Director Database Security, Oracle October 02, 2017

Tecnologia
1 de 27
Baixar para ler offline
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Best Practices for implementing Database Security Comprehensive Database Security Saikat Saha Product Director Database Security, Oracle October 02, 2017
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 2
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Privacy & Security Regulations Increasing World-Wide EU GDPR PCI NZPA APP APPI Ch GDPL HK PDPO Si PDPA Th OIA Ru DPA IT Act SAECTA MDPA APDPL CLPPL Art. 5 CDPL MPDPL FOIPPAPIPEDA NY DFS 500 48 State Data Privacy laws Patriot Act CIPHIPAA GLBA
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 98M Target DEC ‘13 1B Yahoo Dec ’16 400M Friend Finder Dec ‘16 150M eBay May ‘14 200M Experian Mar ’14 US Voters 191M, Dec 15 150M Adobe Oct ‘13 56M Home Depot Sep ‘14 76M JPMC Oct ‘14 80M Anthem Feb ‘15 2M Vodafone Oct ‘13 42M Cupid Media Jan ’13 TBs IP Sony Nov ’14 2M Orange Feb/Apr ‘14 20M Credit Bureau 12M Telecom S. Korea Jan ‘14 22M Benesse Education Jul ‘14 Japan Espionage Kaspersky Jun ‘15 400GB IP Theft Hacking Team Jul ‘15 Carphone Warehouse Aug ’15 2.4M 4M Talk Talk Oct 15 50M Turkish Govt Apr ‘16 5M VTech Nov ‘15 30M BSNL Telco Journal Jul ‘15 Kmart Oct ‘15 11M Premera Blue Cross Mar ‘15 93M Mexico Voter Apr ‘16 154M US Voter Jun ‘16 32M Ashley Madison Jul ’15 US OPM, 22M Jun ’15 15M T-Mobile Oct ’15 4.6M Scottrade Oct ’15 55M Philippines Voter list Apr ‘16 4 Data Breaches are Exploding World-Wide 3.2M Debit cards Oct ‘16 Sabre Mar ‘16 CIA Apr ‘17 77M Edmodo May ‘17 143M Equifax July ‘17
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Data is Today’s Capital • Data breaches are exploding world-wide – Databases continue to be the prime target • Fast Evolving, Stringent Regulatory Landscape – Across industries and regions – Laws that aim to protect data and citizen privacy • Data Security Strategy – Protect against multiple threat actors and multiple vectors – With built-in, comprehensive security controls – For on-premise and cloud databases 5 But in the Wrong Hands, Data Becomes the New Liability
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | XSS / Malware Changing Threat Landscape 6 Databases remain the Target Threat Actors Hackers OS Admin DBA Test & Dev End-Users Support SQL Injection Stolen Credentials Ransomware Physical Theft Privilege Escalation Network Sniffing Threat Vectors Middleware Applications Databases Operating System Network Storage Backup Threat Targets
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 7 Evaluate Prevent Detect Data Driven Security Comprehensive Database Security Controls
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Evaluate Security Risks
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 9 Situation: Hundreds of databases distributed around the globe, scattered across dozens of acquired companies; no unified configuration standard Solution: Oracle Database Security Assessment (DBSAT) Result: Significant misconfigurations identified, leading to a single configuration standard being applied everywhere Benefit: Reduced risk of breach and easier security audits against a well-defined standard Global Oil Field Services Provider Situation: Thousands of Oracle Databases managed by silos of administrators; no comprehensive picture of databases’ security posture Solution: Continuous compliance monitoring with Oracle Enterprise Manager Database Lifecycle Management Pack Result: Near-real time alerts when any database configuration drift introduces security risk Benefit: Reduced audit costs, improved security Very Large Semiconductor Manufacturer Situation: Migrating SAP installation to a new infrastructure; desire to harden deployment at the same time Solution: Oracle Database Security Assessment (DBSAT) Result: Discovered many security issues including use of default SAP application account configured for password-less login Benefit: Potential production vulnerability avoided Global Auto Manufacturer Situation: Dozens of production databases with no model of where sensitive data resides making it difficult to apply suitable security policies and controls Solution: Sensitive Data Discovery with Oracle DB Security Result: 400+ columns of SSN & other sensitive data identified Benefit: Ability to apply appropriate security controls on data US Insurance Provider Evaluative Controls – Customer Use Cases
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Prevent Data Compromise
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Reducing the Risk from Malicious Users Oracle Database Vault 11 Separation of Duty Over Privileged Account Least Privilege Protect Sensitive Data Minimize impact to • Applications • Performance • High Availability • Operations Prevent Database Change
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Disks Exports Backups Transparent Data Encryption Encrypted Storage d$f8#;!90Wz@Yg#3 Redacted Applications Data Redaction Oracle Advanced Security 12
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Oracle Advanced Security Transparent Data Encryption (TDE) 13 Disks Exports Off-Site Facilities • Encrypts columns or entire tablespaces • Protects the database files on disk and on backups • High-speed performance • Transparent to applications, no changes required • Integrated with Oracle DB technologies Applications Encrypted Data Backups Clear Data d$f8#; !90Wz Yg#3R qR+% @Ue#3 R+%K# *HH$7 #9Vlka
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | TDE Integration with Oracle Database 14 Database Technologies Example Points of Integration TDE Support High-Availability Clusters Oracle Real Application Clusters (RAC), Data Guard, Active Data Guard Backup and Restore Oracle Recovery Manager (RMAN), Oracle Secure Backup Export and Import Oracle Data Pump Export and Import Database Replication Oracle Golden Gate Pluggable Databases Oracle Multitenant Option Engineered Systems Oracle Exadata Smart Scans Storage Management Oracle Automatic Storage Management (ASM) Data Compression Oracle Standard, Advanced , and Hybrid Columnar Compression
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Oracle Key Vault – Centralized Key Management 15 Oracle Wallet Upload & Download Oracle Database Online Master Key ASM Storage Nodes ASM Cluster File Systems (Encrypted) Online Master Key Credential File Upload & Download Java Keystore Upload & Download MySQL Keys Solaris Crypto Keys
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 16 Situation: Fourteen independent operating units consolidating different Oracle eBusiness Suite (EBS) instances; requirement to support migration and test Solution: Data Masking with eBusiness Suite templates Result: Substantial reduction in risk (and risk-mitigation costs) by removing sensitive data from non-production systems Benefit: Initial consolidation of three business units was accomplished in the first year Consumer Goods Manufacturer Situation: Hortonworks Hadoop with sensitive/classified information Solution: BigData SQL, Oracle Data Redaction and Virtual Private Database (VPD) across Oracle DB and Hadoop Result: Ability to restrict user access to sensitive data in data lake Benefit: Data from a single big data repository can be shared among agencies while maintaining adherence to data classification policies European Government Ministry Situation: Board of Directors mandate to encrypt databases for critical applications by end of 2017 Solution: Transparent Data Encryption with Oracle Key Vault Result: Encrypted 50 databases containing sensitive customer data Benefit: Information protection throughout data lifecycle at scale with automated key management Diversified Telecommunications Company Situation: 1,000s of databases; recent breach led to evaluation of security practices, and how they could be improved Solution: Transparent Data Encryption and Oracle Database Vault Result: Most databases encrypted within the first year. Database Vault security realms protect data from privileged accounts Benefit: Confidentiality of data throughout the data lifecycle and protection from data loss from stolen privileged user credentials Top Global Bank Preventive Controls – Customer Use Cases
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 17 Detect Anomalies, Support Investigations
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Audit Data, Event Logs Database Firewall Network Events Audit Vault Monitor and Audit Enterprise Databases 18 Security Alerts SIEM Reports, Alerts Ad-hoc queries Security Analyst
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 19 Situation: 100s of production databases containing sensitive IP; need to monitor for potential attacks and support compliance audits Solution: Oracle Audit Vault and Database Firewall Result: 200+ databases monitored within 3 months with regular reporting of audit information Benefit: Improved visibility and reporting for regulatory audits Multinational Semiconductor Company Situation: Need to comply with PCI DSS, SOX and GLBA Solution: Oracle Database Firewall Result: Monitoring of peak loads of 10k transactions/sec while maintaining database performance Benefit: Improved database traffic visibility Consumer Credit Reporting Company Situation: Public health record system; requirement for bank- strength security features Solution: Oracle Database Firewall Result: Monitoring access to health records in multivendor systems (Oracle MySQL, Sybase, IBM, MS SQL Server) to detect suspicious or inappropriate behavior Benefit: Improved posture for this patient “opt-in” service National Health Ministry Situation: Heterogeneous DB environment supporting over 700 stores in US, Canada, Japan, Australia and Mexico; requirement to comply with complex world-wide privacy regulations Solution: Oracle Audit Vault and Database Firewall Result: Monitor over 400 databases (Oracle, IBM DB2, Microsoft SQL Server) with daily activity reporting from audit logs Benefit: Improved security and streamlined compliance reporting North American Retailer Detective Controls – Customer Use Cases
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Data-Driven Access Control Russ DE HR Franck FR Marketing Paolo SP Consulting Luca IT Corporate Karen NE Sales Bob US Eng Mary US Eng Jim CA Eng Leslie MX Eng
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 21 Situation: Consolidated patient data; HIPAA/HITRUST requirement for patient consent prior to data sharing Solution: Oracle Label Security Result: Enforcement of data access based with labels indicating patient consent status Benefit: Compliance with HITRUST requirements with minimal system modifications US Healthcare Provider Situation: Hundreds of business analysts needing access to raw data, but not access to certain sensitive data elements Solution: Virtual Private Database Result: Column-level access controlled by data values Benefit: Analysts were able to access data objects without risk of proliferation of sensitive data Large Asset Management Company Situation: Securing multiple departmental applications from accessing Billing/utility data from diverse sources Solution: Real Application Security data realms/columns Result: Applications leverage common data access policy enforcement at database Benefit: Cost savings; no access controls per applications Electric Utility Service Provider Situation: Managing data for both commercial and government customers; US ITAR regulations Solution: Oracle Label Security Result: Ability to comply with ITAR requirements for data using existing information systems Benefit: Reduced systems and management costs Defense/Commercial Manufacturer Data-Driven Security Controls – Customer Use Cases
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 22 Evaluate Prevent Detect Data Driven Security Comprehensive Database Security Controls
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Crypto Toolkit for Applications Row Level SecurityKey Management Data Encryption EVALUATE Comprehensive Database Security Controls PREVENT DETECT DATA DRIVEN SECURITY Security Configuration Sensitive Data Discovery Privilege Analysis DBA & Operation Controls Database Auditing Database Firewall Real Application Security Label based Security Centralized Monitoring Security Assessment Alerting & Reporting Data Redaction Data Masking and Subsetting 23 Defense in depth Security
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | SECURITY INSIDE-OUT Security close to the data: Eliminates guesswork, maximizes performance, application transparency ENTERPRISE DEPLOYMENTS Across multiple systems: Operating systems, heterogeneous databases, applications, Cloud, … Oracle Database Security Strategy DEFENSE-IN-DEPTH SECURITY CONTROLS Overlapping controls: Encryption, masking, auditing, monitoring, access control, redaction, … ANTICIPATE THREATS & MITIGATE Transparent Data Encryption, DBA Control, Redaction, Masking, Privilege Analysis, DB Firewall, RAS, Cloud, … 24
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 25
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 26
Best Practices for implementing Database Security Comprehensive Database Security

Recomendados

Oracle Database Security
Oracle Database SecurityOracle Database Security
Oracle Database Security
Troy Kitch
 
Introducing Oracle Audit Vault and Database Firewall
Introducing Oracle Audit Vault and Database FirewallIntroducing Oracle Audit Vault and Database Firewall
Introducing Oracle Audit Vault and Database Firewall
Troy Kitch
 
Oracle Security Presentation
Oracle Security PresentationOracle Security Presentation
Oracle Security Presentation
Francisco Alvarez
 
Presentation database security audit vault & database firewall
Presentation database security audit vault & database firewallPresentation database security audit vault & database firewall
Presentation database security audit vault & database firewall
xKinAnx
 
Oracle RAC 19c - the Basis for the Autonomous Database
Oracle RAC 19c - the Basis for the Autonomous DatabaseOracle RAC 19c - the Basis for the Autonomous Database
Oracle RAC 19c - the Basis for the Autonomous Database
Markus Michalewicz
 
Oracle Audit vault
Oracle Audit vaultOracle Audit vault
Oracle Audit vault
uzzal basak
 
AV/DF Advanced Security Option
AV/DF Advanced Security OptionAV/DF Advanced Security Option
AV/DF Advanced Security Option
DLT Solutions
 
EDR vs SIEM - The fight is on
EDR vs SIEM - The fight is onEDR vs SIEM - The fight is on
EDR vs SIEM - The fight is on
Justin Henderson
 

Recomendados

Oracle Database Security
Oracle Database SecurityOracle Database Security
Oracle Database Security
Troy Kitch
 
Introducing Oracle Audit Vault and Database Firewall
Introducing Oracle Audit Vault and Database FirewallIntroducing Oracle Audit Vault and Database Firewall
Introducing Oracle Audit Vault and Database Firewall
Troy Kitch
 
Oracle Security Presentation
Oracle Security PresentationOracle Security Presentation
Oracle Security Presentation
Francisco Alvarez
 
Presentation database security audit vault & database firewall
Presentation database security audit vault & database firewallPresentation database security audit vault & database firewall
Presentation database security audit vault & database firewall
xKinAnx
 
Oracle RAC 19c - the Basis for the Autonomous Database
Oracle RAC 19c - the Basis for the Autonomous DatabaseOracle RAC 19c - the Basis for the Autonomous Database
Oracle RAC 19c - the Basis for the Autonomous Database
Markus Michalewicz
 
Oracle Audit vault
Oracle Audit vaultOracle Audit vault
Oracle Audit vault
uzzal basak
 
AV/DF Advanced Security Option
AV/DF Advanced Security OptionAV/DF Advanced Security Option
AV/DF Advanced Security Option
DLT Solutions
 
EDR vs SIEM - The fight is on
EDR vs SIEM - The fight is onEDR vs SIEM - The fight is on
EDR vs SIEM - The fight is on
Justin Henderson
 
Oracle Database Vault
Oracle Database VaultOracle Database Vault
Oracle Database Vault
Marco Alamanni
 
"Changing Role of the DBA" Skills to Have, to Obtain & to Nurture - Updated 2...
"Changing Role of the DBA" Skills to Have, to Obtain & to Nurture - Updated 2..."Changing Role of the DBA" Skills to Have, to Obtain & to Nurture - Updated 2...
"Changing Role of the DBA" Skills to Have, to Obtain & to Nurture - Updated 2...
Markus Michalewicz
 
Boldon James - How Data Classification can harness the power of Big Data
Boldon James - How Data Classification can harness the power of Big DataBoldon James - How Data Classification can harness the power of Big Data
Boldon James - How Data Classification can harness the power of Big Data
boldonjames
 
Maximum Availability Architecture - Best Practices for Oracle Database 19c
Maximum Availability Architecture - Best Practices for Oracle Database 19cMaximum Availability Architecture - Best Practices for Oracle Database 19c
Maximum Availability Architecture - Best Practices for Oracle Database 19c
Glen Hawkins
 
PCI DSS v 3.0 and Oracle Security Mapping
PCI DSS v 3.0 and Oracle Security MappingPCI DSS v 3.0 and Oracle Security Mapping
PCI DSS v 3.0 and Oracle Security Mapping
Troy Kitch
 
Ppt dbsec-oow2013-avdf
Ppt dbsec-oow2013-avdfPpt dbsec-oow2013-avdf
Ppt dbsec-oow2013-avdf
Melody Liu
 
Migration to Oracle Multitenant
Migration to Oracle MultitenantMigration to Oracle Multitenant
Migration to Oracle Multitenant
Jitendra Singh
 
5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice
AlgoSec
 
Oracle RAC - New Generation
Oracle RAC - New GenerationOracle RAC - New Generation
Oracle RAC - New Generation
Anil Nair
 
Oracle data guard for beginners
Oracle data guard for beginnersOracle data guard for beginners
Oracle data guard for beginners
Pini Dibask
 
Introduction to Oracle Cloud Infrastructure Services
Introduction to Oracle Cloud Infrastructure ServicesIntroduction to Oracle Cloud Infrastructure Services
Introduction to Oracle Cloud Infrastructure Services
Knoldus Inc.
 
Oracle RAC on Extended Distance Clusters - Presentation
Oracle RAC on Extended Distance Clusters - PresentationOracle RAC on Extended Distance Clusters - Presentation
Oracle RAC on Extended Distance Clusters - Presentation
Markus Michalewicz
 
Snowflake: Your Data. No Limits (Session sponsored by Snowflake) - AWS Summit...
Snowflake: Your Data. No Limits (Session sponsored by Snowflake) - AWS Summit...Snowflake: Your Data. No Limits (Session sponsored by Snowflake) - AWS Summit...
Snowflake: Your Data. No Limits (Session sponsored by Snowflake) - AWS Summit...
Amazon Web Services
 
The Oracle RAC Family of Solutions - Presentation
The Oracle RAC Family of Solutions - PresentationThe Oracle RAC Family of Solutions - Presentation
The Oracle RAC Family of Solutions - Presentation
Markus Michalewicz
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
Sqrrl
 
Basic oracle-database-administration
Basic oracle-database-administrationBasic oracle-database-administration
Basic oracle-database-administration
sreehari orienit
 
Autonomous Data Warehouse
Autonomous Data WarehouseAutonomous Data Warehouse
Autonomous Data Warehouse
MarketingArrowECS_CZ
 
Oracle Real Application Clusters (RAC) 12c Rel. 2 - Operational Best Practices
Oracle Real Application Clusters (RAC) 12c Rel. 2 - Operational Best PracticesOracle Real Application Clusters (RAC) 12c Rel. 2 - Operational Best Practices
Oracle Real Application Clusters (RAC) 12c Rel. 2 - Operational Best Practices
Markus Michalewicz
 
Architecting a datalake
Architecting a datalakeArchitecting a datalake
Architecting a datalake
Laurent Leturgez
 
Guardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level ExecutivesGuardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level Executives
Camilo Fandiño Gómez
 
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirementsMySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
Olivier DASINI
 
Insights into Real-world Data Management Challenges
Insights into Real-world Data Management ChallengesInsights into Real-world Data Management Challenges
Insights into Real-world Data Management Challenges
DataWorks Summit
 

Mais conteúdo relacionado

Mais procurados

"Changing Role of the DBA" Skills to Have, to Obtain & to Nurture - Updated 2...
"Changing Role of the DBA" Skills to Have, to Obtain & to Nurture - Updated 2..."Changing Role of the DBA" Skills to Have, to Obtain & to Nurture - Updated 2...
"Changing Role of the DBA" Skills to Have, to Obtain & to Nurture - Updated 2...
Markus Michalewicz
 
Boldon James - How Data Classification can harness the power of Big Data
Boldon James - How Data Classification can harness the power of Big DataBoldon James - How Data Classification can harness the power of Big Data
Boldon James - How Data Classification can harness the power of Big Data
boldonjames
 
Maximum Availability Architecture - Best Practices for Oracle Database 19c
Maximum Availability Architecture - Best Practices for Oracle Database 19cMaximum Availability Architecture - Best Practices for Oracle Database 19c
Maximum Availability Architecture - Best Practices for Oracle Database 19c
Glen Hawkins
 
5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice
AlgoSec
 
Snowflake: Your Data. No Limits (Session sponsored by Snowflake) - AWS Summit...
Snowflake: Your Data. No Limits (Session sponsored by Snowflake) - AWS Summit...Snowflake: Your Data. No Limits (Session sponsored by Snowflake) - AWS Summit...
Snowflake: Your Data. No Limits (Session sponsored by Snowflake) - AWS Summit...
Amazon Web Services
 

Mais procurados (20)

Oracle Database Vault
Oracle Database VaultOracle Database Vault
Oracle Database Vault
 
"Changing Role of the DBA" Skills to Have, to Obtain & to Nurture - Updated 2...
"Changing Role of the DBA" Skills to Have, to Obtain & to Nurture - Updated 2..."Changing Role of the DBA" Skills to Have, to Obtain & to Nurture - Updated 2...
"Changing Role of the DBA" Skills to Have, to Obtain & to Nurture - Updated 2...
 
Boldon James - How Data Classification can harness the power of Big Data
Boldon James - How Data Classification can harness the power of Big DataBoldon James - How Data Classification can harness the power of Big Data
Boldon James - How Data Classification can harness the power of Big Data
 
Maximum Availability Architecture - Best Practices for Oracle Database 19c
Maximum Availability Architecture - Best Practices for Oracle Database 19cMaximum Availability Architecture - Best Practices for Oracle Database 19c
Maximum Availability Architecture - Best Practices for Oracle Database 19c
 
PCI DSS v 3.0 and Oracle Security Mapping
PCI DSS v 3.0 and Oracle Security MappingPCI DSS v 3.0 and Oracle Security Mapping
PCI DSS v 3.0 and Oracle Security Mapping
 
Ppt dbsec-oow2013-avdf
Ppt dbsec-oow2013-avdfPpt dbsec-oow2013-avdf
Ppt dbsec-oow2013-avdf
 
Migration to Oracle Multitenant
Migration to Oracle MultitenantMigration to Oracle Multitenant
Migration to Oracle Multitenant
 
5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice
 
Oracle RAC - New Generation
Oracle RAC - New GenerationOracle RAC - New Generation
Oracle RAC - New Generation
 
Oracle data guard for beginners
Oracle data guard for beginnersOracle data guard for beginners
Oracle data guard for beginners
 
Introduction to Oracle Cloud Infrastructure Services
Introduction to Oracle Cloud Infrastructure ServicesIntroduction to Oracle Cloud Infrastructure Services
Introduction to Oracle Cloud Infrastructure Services
 
Oracle RAC on Extended Distance Clusters - Presentation
Oracle RAC on Extended Distance Clusters - PresentationOracle RAC on Extended Distance Clusters - Presentation
Oracle RAC on Extended Distance Clusters - Presentation
 
Snowflake: Your Data. No Limits (Session sponsored by Snowflake) - AWS Summit...
Snowflake: Your Data. No Limits (Session sponsored by Snowflake) - AWS Summit...Snowflake: Your Data. No Limits (Session sponsored by Snowflake) - AWS Summit...
Snowflake: Your Data. No Limits (Session sponsored by Snowflake) - AWS Summit...
 
The Oracle RAC Family of Solutions - Presentation
The Oracle RAC Family of Solutions - PresentationThe Oracle RAC Family of Solutions - Presentation
The Oracle RAC Family of Solutions - Presentation
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
 
Basic oracle-database-administration
Basic oracle-database-administrationBasic oracle-database-administration
Basic oracle-database-administration
 
Autonomous Data Warehouse
Autonomous Data WarehouseAutonomous Data Warehouse
Autonomous Data Warehouse
 
Oracle Real Application Clusters (RAC) 12c Rel. 2 - Operational Best Practices
Oracle Real Application Clusters (RAC) 12c Rel. 2 - Operational Best PracticesOracle Real Application Clusters (RAC) 12c Rel. 2 - Operational Best Practices
Oracle Real Application Clusters (RAC) 12c Rel. 2 - Operational Best Practices
 
Architecting a datalake
Architecting a datalakeArchitecting a datalake
Architecting a datalake
 
Guardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level ExecutivesGuardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level Executives
 

Semelhante a Best Practices for implementing Database Security Comprehensive Database Security

MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirementsMySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
Olivier DASINI
 
Insights into Real-world Data Management Challenges
Insights into Real-world Data Management ChallengesInsights into Real-world Data Management Challenges
Insights into Real-world Data Management Challenges
DataWorks Summit
 
Insights into Real World Data Management Challenges
Insights into Real World Data Management ChallengesInsights into Real World Data Management Challenges
Insights into Real World Data Management Challenges
DataWorks Summit
 
Logicalis Backup as a Service: Re-defining Data Protection
Logicalis Backup as a Service: Re-defining Data ProtectionLogicalis Backup as a Service: Re-defining Data Protection
Logicalis Backup as a Service: Re-defining Data Protection
Logicalis Australia
 
Securing Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid CloudSecuring Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid Cloud
RightScale
 
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
Government Technology and Services Coalition
 
Integrigy_Oracle_E-Business_Suite_Security_Risks_Primer_for_Internal_Auditors...
Integrigy_Oracle_E-Business_Suite_Security_Risks_Primer_for_Internal_Auditors...Integrigy_Oracle_E-Business_Suite_Security_Risks_Primer_for_Internal_Auditors...
Integrigy_Oracle_E-Business_Suite_Security_Risks_Primer_for_Internal_Auditors...
Minh237839
 
Imperative Induced Innovation - Patrick W. Dowd, Ph. D
Imperative Induced Innovation - Patrick W. Dowd, Ph. DImperative Induced Innovation - Patrick W. Dowd, Ph. D
Imperative Induced Innovation - Patrick W. Dowd, Ph. D
scoopnewsgroup
 

Semelhante a Best Practices for implementing Database Security Comprehensive Database Security (20)

MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirementsMySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
 
Insights into Real-world Data Management Challenges
Insights into Real-world Data Management ChallengesInsights into Real-world Data Management Challenges
Insights into Real-world Data Management Challenges
 
The Enablement of an Identity-Centric SOC in the Regulatory Rumba Era
The Enablement of an Identity-Centric SOC in the Regulatory Rumba EraThe Enablement of an Identity-Centric SOC in the Regulatory Rumba Era
The Enablement of an Identity-Centric SOC in the Regulatory Rumba Era
 
Insights into Real World Data Management Challenges
Insights into Real World Data Management ChallengesInsights into Real World Data Management Challenges
Insights into Real World Data Management Challenges
 
The EU General Protection Regulation and how Oracle can help
The EU General Protection Regulation and how Oracle can help The EU General Protection Regulation and how Oracle can help
The EU General Protection Regulation and how Oracle can help
 
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom KyteOracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
 
Highly Automated IT
Highly Automated ITHighly Automated IT
Highly Automated IT
 
Data center Trends with Oracle
Data center Trends with OracleData center Trends with Oracle
Data center Trends with Oracle
 
SOUG Day - autonomous what is next
SOUG Day - autonomous what is nextSOUG Day - autonomous what is next
SOUG Day - autonomous what is next
 
Oracle Data Protection - 1. část
Oracle Data Protection - 1. částOracle Data Protection - 1. část
Oracle Data Protection - 1. část
 
NoSQL Databases for Enterprises - NoSQL Now Conference 2013
NoSQL Databases for Enterprises - NoSQL Now Conference 2013NoSQL Databases for Enterprises - NoSQL Now Conference 2013
NoSQL Databases for Enterprises - NoSQL Now Conference 2013
 
Logicalis Backup as a Service: Re-defining Data Protection
Logicalis Backup as a Service: Re-defining Data ProtectionLogicalis Backup as a Service: Re-defining Data Protection
Logicalis Backup as a Service: Re-defining Data Protection
 
Securing Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid CloudSecuring Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid Cloud
 
Bilbao oracle12c keynote
Bilbao oracle12c keynoteBilbao oracle12c keynote
Bilbao oracle12c keynote
 
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
 
Integrigy_Oracle_E-Business_Suite_Security_Risks_Primer_for_Internal_Auditors...
Integrigy_Oracle_E-Business_Suite_Security_Risks_Primer_for_Internal_Auditors...Integrigy_Oracle_E-Business_Suite_Security_Risks_Primer_for_Internal_Auditors...
Integrigy_Oracle_E-Business_Suite_Security_Risks_Primer_for_Internal_Auditors...
 
Data Breaches: Protecting Your Database from the Evening News
Data Breaches: Protecting Your Database from the Evening NewsData Breaches: Protecting Your Database from the Evening News
Data Breaches: Protecting Your Database from the Evening News
 
Imperative Induced Innovation - Patrick W. Dowd, Ph. D
Imperative Induced Innovation - Patrick W. Dowd, Ph. DImperative Induced Innovation - Patrick W. Dowd, Ph. D
Imperative Induced Innovation - Patrick W. Dowd, Ph. D
 
Biznet Gio Presentation - Database Security
Biznet Gio Presentation - Database SecurityBiznet Gio Presentation - Database Security
Biznet Gio Presentation - Database Security
 
Využijte svou Oracle databázi naplno
Využijte svou Oracle databázi naplnoVyužijte svou Oracle databázi naplno
Využijte svou Oracle databázi naplno
 

Último

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 

Último (20)

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 

Best Practices for implementing Database Security Comprehensive Database Security

  • 1. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Best Practices for implementing Database Security Comprehensive Database Security Saikat Saha Product Director Database Security, Oracle October 02, 2017
  • 2. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 2
  • 3. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Privacy & Security Regulations Increasing World-Wide EU GDPR PCI NZPA APP APPI Ch GDPL HK PDPO Si PDPA Th OIA Ru DPA IT Act SAECTA MDPA APDPL CLPPL Art. 5 CDPL MPDPL FOIPPAPIPEDA NY DFS 500 48 State Data Privacy laws Patriot Act CIPHIPAA GLBA
  • 4. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 98M Target DEC ‘13 1B Yahoo Dec ’16 400M Friend Finder Dec ‘16 150M eBay May ‘14 200M Experian Mar ’14 US Voters 191M, Dec 15 150M Adobe Oct ‘13 56M Home Depot Sep ‘14 76M JPMC Oct ‘14 80M Anthem Feb ‘15 2M Vodafone Oct ‘13 42M Cupid Media Jan ’13 TBs IP Sony Nov ’14 2M Orange Feb/Apr ‘14 20M Credit Bureau 12M Telecom S. Korea Jan ‘14 22M Benesse Education Jul ‘14 Japan Espionage Kaspersky Jun ‘15 400GB IP Theft Hacking Team Jul ‘15 Carphone Warehouse Aug ’15 2.4M 4M Talk Talk Oct 15 50M Turkish Govt Apr ‘16 5M VTech Nov ‘15 30M BSNL Telco Journal Jul ‘15 Kmart Oct ‘15 11M Premera Blue Cross Mar ‘15 93M Mexico Voter Apr ‘16 154M US Voter Jun ‘16 32M Ashley Madison Jul ’15 US OPM, 22M Jun ’15 15M T-Mobile Oct ’15 4.6M Scottrade Oct ’15 55M Philippines Voter list Apr ‘16 4 Data Breaches are Exploding World-Wide 3.2M Debit cards Oct ‘16 Sabre Mar ‘16 CIA Apr ‘17 77M Edmodo May ‘17 143M Equifax July ‘17
  • 5. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Data is Today’s Capital • Data breaches are exploding world-wide – Databases continue to be the prime target • Fast Evolving, Stringent Regulatory Landscape – Across industries and regions – Laws that aim to protect data and citizen privacy • Data Security Strategy – Protect against multiple threat actors and multiple vectors – With built-in, comprehensive security controls – For on-premise and cloud databases 5 But in the Wrong Hands, Data Becomes the New Liability
  • 6. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | XSS / Malware Changing Threat Landscape 6 Databases remain the Target Threat Actors Hackers OS Admin DBA Test & Dev End-Users Support SQL Injection Stolen Credentials Ransomware Physical Theft Privilege Escalation Network Sniffing Threat Vectors Middleware Applications Databases Operating System Network Storage Backup Threat Targets
  • 7. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 7 Evaluate Prevent Detect Data Driven Security Comprehensive Database Security Controls
  • 8. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Evaluate Security Risks
  • 9. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 9 Situation: Hundreds of databases distributed around the globe, scattered across dozens of acquired companies; no unified configuration standard Solution: Oracle Database Security Assessment (DBSAT) Result: Significant misconfigurations identified, leading to a single configuration standard being applied everywhere Benefit: Reduced risk of breach and easier security audits against a well-defined standard Global Oil Field Services Provider Situation: Thousands of Oracle Databases managed by silos of administrators; no comprehensive picture of databases’ security posture Solution: Continuous compliance monitoring with Oracle Enterprise Manager Database Lifecycle Management Pack Result: Near-real time alerts when any database configuration drift introduces security risk Benefit: Reduced audit costs, improved security Very Large Semiconductor Manufacturer Situation: Migrating SAP installation to a new infrastructure; desire to harden deployment at the same time Solution: Oracle Database Security Assessment (DBSAT) Result: Discovered many security issues including use of default SAP application account configured for password-less login Benefit: Potential production vulnerability avoided Global Auto Manufacturer Situation: Dozens of production databases with no model of where sensitive data resides making it difficult to apply suitable security policies and controls Solution: Sensitive Data Discovery with Oracle DB Security Result: 400+ columns of SSN & other sensitive data identified Benefit: Ability to apply appropriate security controls on data US Insurance Provider Evaluative Controls – Customer Use Cases
  • 10. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Prevent Data Compromise
  • 11. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Reducing the Risk from Malicious Users Oracle Database Vault 11 Separation of Duty Over Privileged Account Least Privilege Protect Sensitive Data Minimize impact to • Applications • Performance • High Availability • Operations Prevent Database Change
  • 12. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Disks Exports Backups Transparent Data Encryption Encrypted Storage d$f8#;!90Wz@Yg#3 Redacted Applications Data Redaction Oracle Advanced Security 12
  • 13. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Oracle Advanced Security Transparent Data Encryption (TDE) 13 Disks Exports Off-Site Facilities • Encrypts columns or entire tablespaces • Protects the database files on disk and on backups • High-speed performance • Transparent to applications, no changes required • Integrated with Oracle DB technologies Applications Encrypted Data Backups Clear Data d$f8#; !90Wz Yg#3R qR+% @Ue#3 R+%K# *HH$7 #9Vlka
  • 14. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | TDE Integration with Oracle Database 14 Database Technologies Example Points of Integration TDE Support High-Availability Clusters Oracle Real Application Clusters (RAC), Data Guard, Active Data Guard Backup and Restore Oracle Recovery Manager (RMAN), Oracle Secure Backup Export and Import Oracle Data Pump Export and Import Database Replication Oracle Golden Gate Pluggable Databases Oracle Multitenant Option Engineered Systems Oracle Exadata Smart Scans Storage Management Oracle Automatic Storage Management (ASM) Data Compression Oracle Standard, Advanced , and Hybrid Columnar Compression
  • 15. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Oracle Key Vault – Centralized Key Management 15 Oracle Wallet Upload & Download Oracle Database Online Master Key ASM Storage Nodes ASM Cluster File Systems (Encrypted) Online Master Key Credential File Upload & Download Java Keystore Upload & Download MySQL Keys Solaris Crypto Keys
  • 16. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 16 Situation: Fourteen independent operating units consolidating different Oracle eBusiness Suite (EBS) instances; requirement to support migration and test Solution: Data Masking with eBusiness Suite templates Result: Substantial reduction in risk (and risk-mitigation costs) by removing sensitive data from non-production systems Benefit: Initial consolidation of three business units was accomplished in the first year Consumer Goods Manufacturer Situation: Hortonworks Hadoop with sensitive/classified information Solution: BigData SQL, Oracle Data Redaction and Virtual Private Database (VPD) across Oracle DB and Hadoop Result: Ability to restrict user access to sensitive data in data lake Benefit: Data from a single big data repository can be shared among agencies while maintaining adherence to data classification policies European Government Ministry Situation: Board of Directors mandate to encrypt databases for critical applications by end of 2017 Solution: Transparent Data Encryption with Oracle Key Vault Result: Encrypted 50 databases containing sensitive customer data Benefit: Information protection throughout data lifecycle at scale with automated key management Diversified Telecommunications Company Situation: 1,000s of databases; recent breach led to evaluation of security practices, and how they could be improved Solution: Transparent Data Encryption and Oracle Database Vault Result: Most databases encrypted within the first year. Database Vault security realms protect data from privileged accounts Benefit: Confidentiality of data throughout the data lifecycle and protection from data loss from stolen privileged user credentials Top Global Bank Preventive Controls – Customer Use Cases
  • 17. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 17 Detect Anomalies, Support Investigations
  • 18. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Audit Data, Event Logs Database Firewall Network Events Audit Vault Monitor and Audit Enterprise Databases 18 Security Alerts SIEM Reports, Alerts Ad-hoc queries Security Analyst
  • 19. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 19 Situation: 100s of production databases containing sensitive IP; need to monitor for potential attacks and support compliance audits Solution: Oracle Audit Vault and Database Firewall Result: 200+ databases monitored within 3 months with regular reporting of audit information Benefit: Improved visibility and reporting for regulatory audits Multinational Semiconductor Company Situation: Need to comply with PCI DSS, SOX and GLBA Solution: Oracle Database Firewall Result: Monitoring of peak loads of 10k transactions/sec while maintaining database performance Benefit: Improved database traffic visibility Consumer Credit Reporting Company Situation: Public health record system; requirement for bank- strength security features Solution: Oracle Database Firewall Result: Monitoring access to health records in multivendor systems (Oracle MySQL, Sybase, IBM, MS SQL Server) to detect suspicious or inappropriate behavior Benefit: Improved posture for this patient “opt-in” service National Health Ministry Situation: Heterogeneous DB environment supporting over 700 stores in US, Canada, Japan, Australia and Mexico; requirement to comply with complex world-wide privacy regulations Solution: Oracle Audit Vault and Database Firewall Result: Monitor over 400 databases (Oracle, IBM DB2, Microsoft SQL Server) with daily activity reporting from audit logs Benefit: Improved security and streamlined compliance reporting North American Retailer Detective Controls – Customer Use Cases
  • 20. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Data-Driven Access Control Russ DE HR Franck FR Marketing Paolo SP Consulting Luca IT Corporate Karen NE Sales Bob US Eng Mary US Eng Jim CA Eng Leslie MX Eng
  • 21. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 21 Situation: Consolidated patient data; HIPAA/HITRUST requirement for patient consent prior to data sharing Solution: Oracle Label Security Result: Enforcement of data access based with labels indicating patient consent status Benefit: Compliance with HITRUST requirements with minimal system modifications US Healthcare Provider Situation: Hundreds of business analysts needing access to raw data, but not access to certain sensitive data elements Solution: Virtual Private Database Result: Column-level access controlled by data values Benefit: Analysts were able to access data objects without risk of proliferation of sensitive data Large Asset Management Company Situation: Securing multiple departmental applications from accessing Billing/utility data from diverse sources Solution: Real Application Security data realms/columns Result: Applications leverage common data access policy enforcement at database Benefit: Cost savings; no access controls per applications Electric Utility Service Provider Situation: Managing data for both commercial and government customers; US ITAR regulations Solution: Oracle Label Security Result: Ability to comply with ITAR requirements for data using existing information systems Benefit: Reduced systems and management costs Defense/Commercial Manufacturer Data-Driven Security Controls – Customer Use Cases
  • 22. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 22 Evaluate Prevent Detect Data Driven Security Comprehensive Database Security Controls
  • 23. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Crypto Toolkit for Applications Row Level SecurityKey Management Data Encryption EVALUATE Comprehensive Database Security Controls PREVENT DETECT DATA DRIVEN SECURITY Security Configuration Sensitive Data Discovery Privilege Analysis DBA & Operation Controls Database Auditing Database Firewall Real Application Security Label based Security Centralized Monitoring Security Assessment Alerting & Reporting Data Redaction Data Masking and Subsetting 23 Defense in depth Security
  • 24. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | SECURITY INSIDE-OUT Security close to the data: Eliminates guesswork, maximizes performance, application transparency ENTERPRISE DEPLOYMENTS Across multiple systems: Operating systems, heterogeneous databases, applications, Cloud, … Oracle Database Security Strategy DEFENSE-IN-DEPTH SECURITY CONTROLS Overlapping controls: Encryption, masking, auditing, monitoring, access control, redaction, … ANTICIPATE THREATS & MITIGATE Transparent Data Encryption, DBA Control, Redaction, Masking, Privilege Analysis, DB Firewall, RAS, Cloud, … 24
  • 25. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 25
  • 26. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 26