Securing Your Database with Oracle Data Safe
I'm an IT professional of over 10 years of experience working with various multi-national organizations. I currently serve with Oracle as a Cloud Architect. I specialize in cloud solutions & I have a keen interest in cybersecurity. I advocate cloud security best practices & governance & have enabled many clients achieve higher security postures & compliance on the cloud while adhering to requirements from regulatory bodies. I also aspire to be a web developer & in the process of being a self-taught web developer.
Introduction
Data is an organization's most critical asset which if not protected, becomes a huge liability. Databases containing sensitive data, such as personally identifiable information (PII), personal financial information, and personal healthcare information, are vulnerable to external & even internal threats looking to steal data for financial, strategic, or personal gain, or simply to cause business disruption.
In terms of having ownership of data, organizations are required to be compliant in Data Protection Laws. The following are a few laws you may be familiar with.
- General Data Protection Regulation (GDPR)
- Payment Card Industry's Data Security Standard (PCI DSS)
- Sarbanes Oxley (SOX)
- Health Insurance Portability & Accountability Act (HIPAA)
In addition to the above, there are also other global & country-specific laws which addresses data protection.
Attackers are constantly looking at ways of gaining illegitimate access into enterprise systems by exploiting vulnerabilities in user credentials, applications & configurations of databases.
How do you manage against a legion of attackers who have all the infrastructure, the tools, & the time, when you don’t? Oracle provides top-in-class security for the computing infrastructure of its cloud databases, including encryption by default, separation of duty, and proactive security patching. But organizations need to further secure their databases by understanding their own data, their own users & their configurations.
What is Oracle Data Safe?
Image credits: 4iapps.com
Oracle Data Safe offers a protection mechanism for Oracle databases which helps organizations to:
- understand the sensitivity of data
- evaluate risks to data
- mask sensitive data
- implement & monitor security controls
- assess user security
- monitor user activity
- address data security compliance requirements
Oracle Data Safe Features
- Security Assessment allows organizations to assess the security of their database configurations. It analyzes database configurations, user accounts, and security controls, and then reports the findings with recommendations for remediation activities that follow best practices to reduce or mitigate risk.
- User Assessment looks into the security assessments of your database users & identify high risk users. It reviews information about your users in the data dictionary on your target databases & calculates a risk score for each user. For an instance, it examines the user types, how users are authenticated, the password policies assigned to each user & how long it has been since each user has changed their password. It also provides a direct link to audit records related to each user. With this information, organizations can then deploy appropriate security controls and policies.
- Data Discovery helps organizations to identify sensitive data in its databases. Data Discovery can be instructed to search for a particular kind of sensitive data & it inspects the actual data in the database & its data dictionary & then provisions a list of sensitive columns. By default, Data Discovery can search for a wide variety of sensitive data pertaining to identification, biographic, IT, financial, healthcare, employment, and academic information.
- Data Masking is a mechanism for you to mask sensitive data so that the data is safe for non-production purposes. For an instance, organizations are often required to create copies of their production data to support development and test activities. Simply copying the production data exposes sensitive data to new users. To avoid a security risk, you can use Data Masking to replace the sensitive data with realistic, but fictitious data.
- Activity Auditing allows security admins to audit user activity on databases which also allows them to monitor database usage.
- Alerts keep you informed of unusual database activities as they happen.
What Databases can I Protect with Oracle Data Safe?
Oracle Data Safe allows you to protect a variety of Oracle databases which includes Autonomous Databases & DB systems (Bare Metal, Virtual Machine, and Exadata), on-premises Oracle Databases, and Oracle Databases on compute instances in both Oracle Cloud Infrastructure (OCI) and non-Oracle cloud environments.
Image credits: Oracle Data Safe Architecture
Oracle Data Safe in Action
I hope this was insightful. Thank you for reading & I shall share more write ups in my next blog post.
