
Oracle® Fusion Applications Security Guide
11g Release 5 (11.1.5)
Part Number E16689-05

12 Enforcement Across the Information Life Cycle

This chapter contains the following:

Secure Information Life Cycle: Explained

Types of Sensitive Data: Explained

Protecting Sensitive Data: Points To Consider

Secure Information Life Cycle: Explained

The information life cycle of a business is the movement of products and data from beginning to end through the following stages.

Oracle Fusion Applications data security policies are applicable and active at each stage.

Oracle Fusion Applications optionally respects the Information Life Cycle Management policies that your enterprise establishes based on business goals and drivers. These policies likely adhere to the following.

Oracle Fusion Applications provides encryption application programming interfaces (APIs) to protect sensitive fields in application user interfaces. Oracle Fusion Applications is certified to use the Oracle Advanced Security option for the Oracle database. Oracle Fusion Applications deploys with features of this option, such as Transparent Data Encryption (TDE) and Oracle Database Vault (ODV), enabled if installed. TDE and ODV provide information life cycle protections such as the following.

With these protections, database administrators do not have access rights to select from tables in applications that they administer. Oracle Fusion encrypts sensitive data as it is written to file, either on disk or in backup. Network security protects sensitive data in transit. Sensitive data is masked when you create test databases from production databases.

Access Restrictions on Entitled Users

Oracle Database Vault (ODV) establishes limitations on the power of entitled users to access sensitive data through segregation of duties policies on database administrator (DBA) roles and by securely consolidating application data in the database.

These limitations prevent DBAs and other privileged users from overriding the protections placed on sensitive data by the Virtual Private Database (VPD). Oracle Fusion Applications deploy with ODV enabled when ODV is installed.

Oracle Database Vault remains enabled during patching.

A single realm protects Oracle Fusion Applications data. DBAs do not have select privileges within the realm in which the applications data resides. You can extend that realm to include integrations with applications that are not Oracle Fusion applications. You can establish subset realms within the Oracle Fusion Applications realm. Adding realms to your Oracle Fusion Applications deployment is a custom implementation.

Transparent Data Encryption

Transparent Data Encryption (TDE) protects confidential data, such as credit card and social security numbers.

Database users need not take any action to decrypt the data when accessed. Decryption is transparent. To prevent unauthorized decryption, transparent data encryption stores the encryption keys in a security module external to the database.

TDE does not require administrators to manage key storage or create auxiliary tables, views, and triggers. You control encryption policies in the Advanced Security option of the Oracle Database.

For more information on TDE, see the Oracle Database Advanced Security Administrator's Guide.

Types of Sensitive Data: Explained

Sensitive data is any data that should not be accessed by everyone or without restriction.

Information lifecycle context and business justifications determine what data is sensitive. Oracle Fusion Applications security protects types of sensitive data variously, depending on access circumstances.

Note

Oracle Fusion Applications encryption application programming interfaces (APIs) mask data such as credit card numbers in application user interface fields. For encryption and masking beyond that, Transparent Data Encryption (TDE) and Oracle Database Vault are certified but optional with Oracle Fusion Applications.


| Type of Data | Life Cycle Phase | Protection provided by: | Tool |
|---|---|---|---|
| Oracle Fusion Application data | All | Access restrictions and segregation of duties | Oracle Database Vault, single realm |
| Sensitive | Installation | Transparent data encryption | Oracle Advanced Security (OAS) and Transparent Data Encryption (TDE) |
| | Implementation | Transparent data encryption | OAS and TDE |
| | Test | Data Masking | Oracle Data Masking |
| | Production and change control | Transparent data encryption | OAS and TDE |
| | Archive and purge | Transparent data encryption | OAS and TDE |
| | Data at rest | Transparent data encryption | OAS and TDE |
| | Data in transit | Network encryption | Network Data Encryption and Data Integrity features of Oracle Advanced Security |

Oracle Fusion Applications deploy with Transparent Data Encryption enabled at the tablespace level. Information on disk is encrypted and is transparently decrypted by the database server process.

Oracle Fusion Applications deploy with a Data Masking Pack in Oracle Enterprise Manager allowing clones of the production database to be created with sensitive data masked.

Sensitive Data At Rest

Transparent Data Encryption (TDE) protects sensitive data at rest.

Sensitive Data In Transit

Network Data Encryption and Data Integrity features of Oracle Database Advanced Security protect sensitive data when it is transmitted over the network.

Sensitive Data in Custom Fields

You can use Oracle Data Finder to discover sensitive information in custom fields.

Sensitive Data in Non-production Databases

Data masking removes sensitive data from non-production copies of the database such as when leaving a production environment to conduct testing or when outsourcing, off-shoring, or sharing data with partners.

Note

Regulations such as HIPAA (the Health Insurance Portability and Accountability Act) in the US and the Data Protection Directive in the European Union mandate the protection of sensitive data.

Oracle Data Masking replaces the sensitive data with randomly generated meaningless data to preserve the integrity of the applications that refer to the data. Once removed, the data cannot be recovered in the non-production copies of the database.

Oracle Fusion Applications use an extensible library of templates and policies to automate the data masking process when you create a clone of your production database. The templates change personal and sensitive data, but preserve the accuracy of enough data to support realistic testing. Validation, formatting, and syntax rules, such as Vertex requirements for a valid combination of city, state, and zip code, limit data masking to levels of destruction that preserve realistic testing but are therefore less protective. For example, meaningful payroll or tax tests may require addresses to remain unmasked at the state level.

Manage masking definitions using Oracle Enterprise Manager. A masking definition identifies the mask format for the sensitive data and the schema, table, and column of the sensitive attributes. The masking format can be set to generate realistic and fully functional data in place of sensitive data depending on your security requirements and the usage of the cloned database.

For information on viewing data masking definitions, see the Oracle Fusion Applications Administrator's Guide.

For more information on TDE, see the Oracle Database Advanced Security Administrator's Guide.

For information on settings and deployment options to protect sensitive data, see the Oracle Fusion Applications Security Hardening Guide.


Protecting Sensitive Data: Points To Consider

Sensitive attributes include personally identifiable information (PII) and non-PII attributes.

As a security guideline, consider protecting copies of the sensitive data, as well as the live system.

Oracle Transparent Data Encryption (TDE) prevents access to PII in the file system or on backups or disk. Oracle Virtual Private Database (VPD) protects PII from users with DBA access, and Oracle Database Vault (ODV), if installed, prevents this protection from being overridden. Oracle Data Masking protects PII and sensitive data in cloned databases.

Encryption APIs

Oracle Fusion Applications uses encryption application programming interfaces (APIs) to mask sensitive fields in application user interfaces, such as replacing all but the last four digits of a credit card with a meaningless character.

Data Masking Templates

Oracle Data Masking is available for masking data in non-production instances or clones.

Oracle Fusion Applications optionally provides predefined data masking templates as a starting point for use with the Oracle Enterprise Manager Data Masking Pack. The templates specify the tables and columns being masked and the masking formats. Determine the needs of your enterprise or the purpose of database clones and make modifications accordingly by adding or removing the tables and columns being masked, and changing masking formats.

Oracle Enterprise Manager provides views of masked tables and columns.

Warning

Oracle Data Masking converts non-production data irreversibly. For example, you can mask data in formats that allow applications to function without error, but the data cannot be reconstituted.

Non-production phases require realistic data, which potentially precludes masking all sensitive data.

Tip

Offset the danger of gaps in masking with business processes that limit unauthorized view of sensitive data. For example, apply the same policies for handling Human Resources (HR) data to testers as are applied to Human Capital Management (HCM) staff. Provide individual test accounts provisioned with limited roles rather than generic accounts with widely known passwords. The processes for accessing test data should mirror the processes for accessing the live data on which the test data is based.

For more information, see Data Masking Best Practices, an Oracle White Paper on Oracle Technology Network at http://www.oracle.com/technetwork.

For information on column masking and using Oracle Virtual Private Database to control data access, see the Oracle Database Security Guide.

For information on settings and deployment options to protect sensitive data, see the Oracle Fusion Applications Security Hardening Guide.

Masking Formats

Masking formats rely on a PL/SQL function or table of values to pick masked values.

The maximum length of the random string format used to mask data is 4000 characters. For performance reasons, set these strings only as large as necessary to preserve uniqueness on a unique column. For a non-unique column, set the random string smaller.
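The sizing advice above can be made concrete with a birthday-bound estimate. The following is an added example, not Oracle code: the function names, the 36-character alphabet, and the one-in-a-million collision target are assumptions chosen for illustration, and only the 4000-character limit comes from this page.

```python
import math

MAX_RANDOM_STRING_LENGTH = 4000  # limit stated on this page

def collision_probability(rows, length, alphabet_size=36):
    """Birthday-bound estimate that any two of `rows` random strings collide."""
    space = alphabet_size ** length
    if rows > space:
        return 1.0  # pigeonhole: more rows than distinct strings
    return -math.expm1(-rows * (rows - 1) / (2 * space))

def min_random_string_length(rows, alphabet_size=36, max_collision=1e-6):
    """Shortest random-string length that keeps a unique column unique
    with estimated collision probability at or below `max_collision`."""
    for length in range(1, MAX_RANDOM_STRING_LENGTH + 1):
        if collision_probability(rows, length, alphabet_size) <= max_collision:
            return length
    raise ValueError("no length up to the 4000-character limit is sufficient")

def sizing_table(row_counts, alphabet_size=36, max_collision=1e-6):
    """Map each row count to the minimum length for a unique column."""
    return {n: min_random_string_length(n, alphabet_size, max_collision)
            for n in row_counts}

if __name__ == "__main__":
    # Assumed table sizes; a non-unique column needs no such bound.
    for rows, length in sizing_table([10_000, 1_000_000, 100_000_000]).items():
        print(f"{rows:>11,} rows -> random string length {length}")
```

Even very large unique columns need only a few dozen characters, far below the 4000-character maximum.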

Random string and number formats are not available in compound masking.

Most masking formats mask the same values in a table consistently. Applying format shuffling on distinct data such as marital status changes the distribution of values (number of records with each value).

Oracle Fusion Applications uses Oracle Data Masking to mask values in a single column consistently across all masking formats rather than mask for generalization to prevent inference-based attacks.

When the group column is specified with a group number the columns from the same table with the same group number are masked consistently.
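What consistent masking preserves can be checked before a clone is handed to testers. This added example is not Oracle Data Masking code: a keyed HMAC-SHA-256 stands in for a consistent masking format, and the key, table data, and function names are constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter

MASK_KEY = b"constructed-demo-key"  # constructed key for this example only

def consistent_mask(value, length=10):
    """Deterministic mask: equal inputs always yield equal masked outputs."""
    mac = hmac.new(MASK_KEY, value.encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:length].upper()

def mask_table(rows, columns):
    """Return a copy of rows (list of dicts) with the named columns masked."""
    return [{k: consistent_mask(v) if k in columns else v for k, v in r.items()}
            for r in rows]

def join_count(left, right, key):
    """Number of right-hand rows whose key value also exists in the left table."""
    keys = {r[key] for r in left}
    return sum(1 for r in right if r[key] in keys)

def frequency_profile(rows, column):
    """Sorted value counts for a column, with the values themselves discarded."""
    return sorted(Counter(r[column] for r in rows).values(), reverse=True)

def weakly_masked_columns(rows, columns, min_distinct=20):
    """Columns with so few distinct values that a consistent mask hides little."""
    return [c for c in columns if len({r[c] for r in rows}) < min_distinct]

# Constructed sample data: two tables that share the sensitive key "ssn".
EMPLOYEES = [
    {"ssn": "900-00-0001", "marital_status": "MARRIED"},
    {"ssn": "900-00-0002", "marital_status": "MARRIED"},
    {"ssn": "900-00-0003", "marital_status": "SINGLE"},
    {"ssn": "900-00-0004", "marital_status": "MARRIED"},
]
PAYSLIPS = [
    {"ssn": "900-00-0001", "period": "2012-01"},
    {"ssn": "900-00-0001", "period": "2012-02"},
    {"ssn": "900-00-0003", "period": "2012-01"},
]

if __name__ == "__main__":
    masked_emp = mask_table(EMPLOYEES, {"ssn", "marital_status"})
    masked_pay = mask_table(PAYSLIPS, {"ssn"})
    print("joins kept:", join_count(masked_emp, masked_pay, "ssn"))
    print("status profile:", frequency_profile(masked_emp, "marital_status"))
    print("weak:", weakly_masked_columns(EMPLOYEES, ["ssn", "marital_status"], 3))
```

Joins across the masked tables survive, but the masked marital_status column keeps exactly the same value counts as the original, which is the residual inference exposure of consistent masking on low-cardinality columns.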

Oracle Data Masking supports compound masking or tuple masking of a group of columns with the following formats and no conditions.