2. 5 Questions Your Business May Ask
1. Can we guarantee privacy of our customer data?
2. Have we suffered any breaches?
3. Do the DBAs know the financial results before the management?
4. Are we in compliance with all regulations?
5. Can we secure our existing applications?
7. How is Data Compromised?
[Chart; source: Verizon 2010 Data Breach Investigations Report]
8. Typical current security architecture
[Diagram: database, application and data center]
• Sensitive information created & secured in the database
• Backups are secured
• Access to sensitive database tables controlled
• Information is transmitted securely to the application
  • Database to application
  • Server to client (application to browser)
• IDM technologies secure access to the application
9. Oracle Database Security
Defense-in-Depth
Encryption and Masking
• Oracle Advanced Security
• Oracle Secure Backup
• Oracle Data Masking
Access Control
• Oracle Database Vault
• Oracle Label Security
Auditing and Tracking
• Oracle Audit Vault
• Oracle Configuration Management
• Oracle Total Recall
Monitoring and Blocking
• Oracle Database Firewall
10. Oracle Database Vault
Enforce Security Policies Inside the Database
[Diagram: Security DBA and Application DBA; Procurement, HR and Finance applications; a DBA issuing "select * from finance.customers" against the protected Finance realm]
• Automatic and customizable DBA separation of duties and protective realms
• Enforce who, where, when, and how using rules and factors
• Enforce least privilege for privileged database users
• Prevent application bypass and enforce enterprise data governance
• Securely consolidate application data or enable multi-tenant data management
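The realm-and-rules model behind the bullets above, as an added example that is not Oracle Database Vault code: a protected realm ignores system privileges such as SELECT ANY TABLE, and access is granted only to realm-authorized users whose session factors (who, where, when, how) satisfy every rule in the rule set. The Realm and Factor classes, the rule names, the "fin_app" and "dba" users and the 10.0.x.x network are constructed for illustration.

```python
"""Simplified model of realm-based access control with rules and factors.
Added example, not Oracle's engine: classes, rules and sample users are
constructed; Oracle Database Vault evaluates its own rule sets in-kernel."""
from dataclasses import dataclass, field
from typing import Callable


@dataclass(frozen=True)
class Factor:
    """Session context: who (user), where (client_ip), when (hour), how (program)."""
    user: str
    client_ip: str
    hour: int        # 0-23, local time at the database
    program: str     # e.g. "finance_app" or "sqlplus"


@dataclass
class Realm:
    """A protective realm: a set of objects that privileged users cannot reach
    through system privileges; only realm-authorized users passing every rule may."""
    name: str
    objects: set
    authorized: set
    rules: list = field(default_factory=list)   # Callable[[Factor], bool]


# Constructed rule set: "when", "where" and "how" checks.
def in_office_hours(f: Factor) -> bool:
    return 8 <= f.hour < 18


def from_corporate_network(f: Factor) -> bool:
    return f.client_ip.startswith("10.0.")


def via_application(f: Factor) -> bool:
    return f.program == "finance_app"


REALMS = [
    Realm(
        name="Finance",
        objects={"finance.customers", "finance.ledger"},
        authorized={"fin_app"},
        rules=[in_office_hours, from_corporate_network, via_application],
    )
]


def authorize(session: Factor, table: str, has_system_privilege: bool):
    """Decide whether a SELECT on `table` is allowed; returns (allowed, reason).

    Objects outside any realm follow ordinary privileges. Objects inside a realm
    disregard system privileges (least privilege for DBAs) and require realm
    authorization plus every rule in the realm's rule set."""
    for realm in REALMS:
        if table in realm.objects:
            if session.user not in realm.authorized:
                return False, (f"realm {realm.name}: {session.user} not authorized "
                               f"(system privilege ignored)")
            failed = [rule.__name__ for rule in realm.rules if not rule(session)]
            if failed:
                return False, f"realm {realm.name}: rule(s) failed: {', '.join(failed)}"
            return True, f"realm {realm.name}: authorized"
    return has_system_privilege, "outside any realm: ordinary privilege check applies"


if __name__ == "__main__":
    dba = Factor(user="dba", client_ip="10.0.5.7", hour=10, program="sqlplus")
    print(authorize(dba, "finance.customers", has_system_privilege=True))
    app = Factor(user="fin_app", client_ip="10.0.1.2", hour=10, program="finance_app")
    print(authorize(app, "finance.customers", has_system_privilege=False))
```

The separation of duties shown on the slide falls out of the data: the DBA keeps full rights to unprotected schemas, but the Finance realm decides on its own terms, and the returned reason string is what an audit trail would record.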
11. Oracle Data Masking
Irreversibly De-Identify Data for Non-Production Use
Production:
LAST_NAME   SSN           SALARY
AGUILAR     203-33-3234   40,000
BENSON      323-22-2943   60,000

Non-Production:
LAST_NAME   SSN           SALARY
ANSKEKSL    111-23-1111   60,000
BKJHHEIEDK  222-34-1345   40,000
Data never leaves Database
• Make application data securely available in non-production environments
• Prevent application developers and testers from seeing production data
• Extensible template library and policies for data masking automation
• Referential integrity automatically preserved so applications continue to work
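What "irreversible" and "referential integrity preserved" mean in practice, as an added example that is not Oracle Data Masking code: names and SSNs are replaced through a keyed hash whose key is generated per run and discarded (so the mapping cannot be recomputed), the same original SSN maps to the same masked SSN in every table (so joins still work), and salaries are shuffled within the column (so the real distribution survives but no longer belongs to a person). The EMPLOYEES and PAYROLL tables and the masking rules are constructed for illustration.

```python
"""Consistent, irreversible masking of a production extract for test use.
Added example, not Oracle's product: sample tables, format rules and key
handling are constructed for illustration."""
import hashlib
import hmac
import random
import re
import secrets
import string

# Constructed production extract: EMPLOYEES and PAYROLL share SSN as the join key.
EMPLOYEES = [
    {"LAST_NAME": "AGUILAR", "SSN": "203-33-3234", "SALARY": 40000},
    {"LAST_NAME": "BENSON", "SSN": "323-22-2943", "SALARY": 60000},
]
PAYROLL = [
    {"SSN": "203-33-3234", "PAY_PERIOD": "2010-06", "NET": 2800},
    {"SSN": "323-22-2943", "PAY_PERIOD": "2010-06", "NET": 4100},
]

SSN_PATTERN = re.compile(r"\d{3}-\d{2}-\d{4}")


def _digest(secret: bytes, value: str) -> bytes:
    # Keyed hash: identical input gives identical output within one run, so a
    # value used as a foreign key masks to the same replacement in every table.
    return hmac.new(secret, value.encode(), hashlib.sha256).digest()


def mask_ssn(secret: bytes, ssn: str) -> str:
    """Format-preserving replacement that keeps the ###-##-#### layout."""
    digits = "".join(str(b % 10) for b in _digest(secret, ssn)[:9])
    return f"{digits[:3]}-{digits[3:5]}-{digits[5:]}"


def mask_name(secret: bytes, name: str) -> str:
    """Random-looking uppercase string of the same length (up to 32 characters)."""
    return "".join(string.ascii_uppercase[b % 26] for b in _digest(secret, name)[:len(name)])


def shuffle_column(rows, column, rng):
    """Keep the column's real value distribution but detach values from rows."""
    values = [r[column] for r in rows]
    rng.shuffle(values)
    for row, value in zip(rows, values):
        row[column] = value


def mask_dataset(employees, payroll, secret=None, seed=None):
    """Return masked copies of both tables; the originals are left untouched.

    With no `secret`, a fresh random key is drawn and dropped when the function
    returns, so nobody can rebuild the original-to-masked mapping afterwards."""
    secret = secret or secrets.token_bytes(32)
    rng = random.Random(seed)
    emp = [dict(r) for r in employees]
    pay = [dict(r) for r in payroll]
    for row in emp:
        row["LAST_NAME"] = mask_name(secret, row["LAST_NAME"])
        row["SSN"] = mask_ssn(secret, row["SSN"])
    for row in pay:
        row["SSN"] = mask_ssn(secret, row["SSN"])
    shuffle_column(emp, "SALARY", rng)
    return emp, pay


def looks_like_ssn(value: str) -> bool:
    return SSN_PATTERN.fullmatch(value) is not None


def referential_integrity_holds(emp, pay) -> bool:
    """Every PAYROLL row still joins to a masked EMPLOYEES row."""
    keys = {r["SSN"] for r in emp}
    return all(r["SSN"] in keys for r in pay)


if __name__ == "__main__":
    masked_emp, masked_pay = mask_dataset(EMPLOYEES, PAYROLL)
    for row in masked_emp:
        print(row)
    print("join intact:", referential_integrity_holds(masked_emp, masked_pay))
```

Passing an explicit `secret` and `seed` makes a run reproducible, which is useful when several extracts taken on different days must stay joinable in the test environment; that key then becomes production-grade material and has to be protected accordingly.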
16. You have secured the perimeters…
… but digital information is no respecter of perimeters!
[Diagram: Email, File system, SharePoint, Intranet/Extranet, Content Management]
17. Which perimeter are we talking about?
Many business processes involve external parties
[Diagram: Email, File system, SharePoint, Intranet/Extranet, Content Management]
18. Typical methods for securing desktops
[Diagram: OS access control; Encrypt disk; Encrypt content (PGP); Prevent use of external services; Prevent use of external devices; Monitor information flow (DLP)]
• Buying all these solutions is expensive
• What about partners, customers, suppliers?
• Massively restrict end users' ability to work
• Protect the content instead of location!
21. This User Doesn’t Have Rights to View
Even if stored on a local file system or external drive
[Diagram: access can be revoked at any time]
22. This User Only Has Read Access
No printing, editing or screen captures…
[Diagram: Partner user can view the document in MS Word, but take screenshot and paste….]
23. Oracle Information Rights Management
Securing all copies of your sensitive information
[Diagram: enterprise perimeters (Email, File systems, ECM, Databases, Intranet/extranet) and external parties (Supplier, Customer, Partner), all served by the Oracle IRM Server]
• Everywhere IRM-encrypted content is stored, transmitted or used
• No access for unauthorized users
• Transparent, revocable access for authorized users
• Centralized policy and auditing for widely distributed content
• Content security beyond the database, application and firewall
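The architecture the slide describes, as an added example that is not Oracle IRM code: content is sealed (encrypted) once, the sealed copy can be stored or forwarded anywhere, and a central server holds both the key and the per-user rights, releases the key only for a permitted action, logs every request, and can revoke a user so that every copy they hold goes dark. The IRMServer class, the request_open/revoke API, the sample rights and the HMAC-SHA256 keystream cipher are constructed for illustration; a production system would use a standard AEAD cipher.

```python
"""Model of rights-managed content with a central key and policy server.
Added example, not Oracle IRM: the server API, sample policy and the toy
keystream cipher are constructed so the example runs on the standard library."""
import hashlib
import hmac
import secrets

NONCE_LEN = 12


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher: XOR with an HMAC-SHA256 counter keystream. Symmetric, so
    # the same call encrypts and decrypts. Stand-in for AES-GCM, not a replacement.
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, nonce + offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


class IRMServer:
    """Holds document keys and rights centrally; stores anywhere hold only ciphertext."""

    def __init__(self):
        self._keys = {}      # doc_id -> document key (never leaves the server except per request)
        self._rights = {}    # doc_id -> {user: set of actions such as "view", "print"}
        self.audit = []      # (doc_id, user, action, outcome), the centralized audit trail

    def seal(self, doc_id: str, plaintext: bytes, rights: dict) -> bytes:
        """Encrypt once; the returned blob may be copied to email, USB, SharePoint, anywhere."""
        key, nonce = secrets.token_bytes(32), secrets.token_bytes(NONCE_LEN)
        self._keys[doc_id] = key
        self._rights[doc_id] = {user: set(actions) for user, actions in rights.items()}
        return nonce + _keystream_xor(key, nonce, plaintext)

    def request_open(self, doc_id: str, user: str, action: str):
        """Release the key only if the user currently holds the requested right."""
        allowed = action in self._rights.get(doc_id, {}).get(user, set())
        self.audit.append((doc_id, user, action, "allowed" if allowed else "denied"))
        return self._keys[doc_id] if allowed else None

    def revoke(self, doc_id: str, user: str) -> None:
        """Revocation is a server-side change: no copy needs to be found or recalled."""
        self._rights.get(doc_id, {}).pop(user, None)


def open_sealed(server: IRMServer, doc_id: str, user: str, blob: bytes, action: str = "view"):
    """Client side: the sealed copy is useless unless the server releases the key now."""
    key = server.request_open(doc_id, user, action)
    if key is None:
        return None
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return _keystream_xor(key, nonce, ciphertext)


if __name__ == "__main__":
    server = IRMServer()
    blob = server.seal("q3-results", b"Q3 results (constructed sample)",
                       {"partner": {"view"}, "cfo": {"view", "print"}})
    print(open_sealed(server, "q3-results", "partner", blob))
    server.revoke("q3-results", "partner")
    print(open_sealed(server, "q3-results", "partner", blob))
    print(server.audit)
```

The point the slide makes about "all copies" is visible in the model: the partner's copy on a USB stick is byte-for-byte the same blob, and after `revoke` it opens nowhere, because opening was never a property of the file but of the server's current policy.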
24. Oracle Security Inside Out
[Diagram layers: Infrastructure, Databases, Applications, Information, Content]
Database Security
• Encryption and Masking
• Privileged User Controls
• Multi-Factor Authorization
• Activity Monitoring and Audit
• Secure Configuration
Identity Management
• User Provisioning
• Role Management
• Entitlements Management
• Risk-Based Access Control
• Virtual Directories
Information Rights Management
• Document-level Access Control
• All copies, regardless of location (even beyond the firewall)
• Auditing and Revocation