[Chart: 1,800 Exabytes; 2006, 2011; Security Threats; Compliance Mandates (PCI, GLBA, SB1386); 630% Increase]
Average cost of a data breach: $202 per record
Average total cost exceeds $6.6 million per breach
Source: DataLossDB, Ponemon Institute, 2009
There has been a clear and significant shift from what was the widely recognized state of security just a few years ago. Protecting the organization's information assets is the top issue facing security programs: data security (90%) is most often cited as an important or very important issue for IT security organizations, followed by application security (86%).
Market Overview: IT Security In 2009 - Jonathan Penn, April 22, 2009
Configuration Management
Access Control
Audit Vault
Total Recall
Database Vault
Encryption and Masking
Label Security
Advanced Security
Secure Backup
Data Masking
Backups
Exports
Application
Off-Site Facilities
No application changes required
Efficient encryption of all application data
Built-in key lifecycle management
Works with Exadata V2 Smart Scans
Works with Oracle Advanced Compression

Standard-based encryption for data in transit
Strong authentication of users and servers

Secure data archival to tape or cloud
Easy to administer key management
Fastest Oracle Database tape backups
Leverage low-cost cloud storage
Production
LAST_NAME    SSN           SALARY
AGUILAR      203-33-3234   40,000
BENSON       323-22-2943   60,000

Non-Production
LAST_NAME    SSN           SALARY
ANSKEKSL     11123-1111    40,000
BKJHHEIEDK   222-34-1345   60,000
Remove sensitive data from non-production databases
Referential integrity preserved so applications continue to work
Extensible template library and policies for automation
Business Challenges
Solution
Business Results
Addressed internal and external requirements
Leveraged Oracle Advanced Security integration with Hardware Security Modules for network based management of TDE master encryption key
Business Challenges
Solution
Business Results
of data encryption with no application changes
Protection of sensitive data at rest and on backup media
Business Challenges
Solution
Business Results
Procurement HR
DBA
Application
Finance select * from finance.customers
DBA separation of duties
Limit powers of privileged users
Securely consolidate application data
No application changes required
Works with Oracle Exadata V2 Database Machine
Procurement HR
Application
Rebates
Protect application data and prevent application by-pass
Enforce who, where, when, and how using rules and factors
Out-of-the box policies for Oracle applications, customizable
Sensitive
Transactions
Confidential
Report Data
Public
Reports
Confidential
Sensitive
Classify users and data based on business drivers
Database enforced row level access control
Users classification through Oracle Identity Management Suite
Classification labels can be factors in other policies
Business Challenges
Solution
Business Results
Business Challenges
medical data and employee data in PeopleSoft
Comply with internal policies and external regulations (HIPAA, SOX, Privacy Laws)
Prevent privileged user access to sensitive data
Solution
Deployed Oracle Database Vault with out-of-the-box PeopleSoft protection policies
Took 14 days to go production
Business Results
Complied with HIPAA and other privacy regulations
Passed external audit
Saved on consulting costs and deployment time by using the out-of-the-box Database Vault protection policies
Deployed Database Vault with minimal changes to existing internal processes and procedures
Business Challenges
Solution
Business Results
Secure the third party billing system without any application changes
Comply with internal, European, and country-specific privacy laws
Cost effective preventive controls against any tampering or deletion of database objects or users
Maintain good performance without buying additional hardware
Audit Data
CRM Data
ERP Data
Databases
Auditor
Consolidate audit data into secure repository
Detect and alert on suspicious activities
Out-of-the box compliance reporting
Centralized audit policy management

Transparently track data changes
Efficient, tamper-resistant storage of archives
Real-time access to historical data
Enables forensics and error correction
Assess
Prioritize
Fix
Vulnerability Management
Database discovery
Continuous scanning against best practices
Detect and prevent unauthorized configuration changes
Change management compliance reports
Business Challenges
across 10 Oracle and SQL Server databases
Took 3 months and 2 part time people to create the audit reports for yearly audit
No monitoring for insider threats
Solution
Oracle Audit Vault consolidated reporting on audit data from Oracle and SQL Server
Oracle Audit Vault consolidation of audit data removed DBA from audit review process
Business Results
Saved 100s of hours in report generations
Worked with auditors to create customized reports from the out-of-the box default reports for personalized content
Estimated return on investments in less than 18 months
Business Challenges
auditing already turned on
Need for reports and no resource or budget to create and review them
Solution
Oracle Audit Vault audit data collection and secure centralized storage
Audit Vault proactively monitors privileged user access violations, failed database logins, and generates forensic data
Business Results
Passed internal audits
Automated reporting on credit card transactions
Secure consolidation of audit data
Detected policy violations of database activity
Deployed in production in 3 months
database security
oracle.com/database/security