Oracle Data Safe Overview Video Script

Introduction

Organizations rely on databases to manage their most critical asset – the data. But if not well protected, this data could become their biggest liability. According to industry reports, almost one third of the attacks are performed by internal actors, and over half of internal attacks are on databases.

Sensitive data, such as personally identifiable information, personal financial information, and personal healthcare information, make databases attractive targets for hackers and even insiders, who are looking to steal data for monetary, strategic, or personal reasons, or just to disrupt business. By law, organizations must comply with Data Protection Regulations, such as the European Union’s General Data Protection Regulation (GDPR), Payment Card Industry's Data Security Standard (PCI DSS), Sarbanes Oxley (SOX), and many such data protection laws across the globe. Hackers try to exploit weaknesses in user credentials, applications, and database configurations in both production and non-production databases.

How do you manage against a legion of attackers who have all the infrastructure, the tools, and the time, when you don’t? Oracle provides top-in-class security for the computing infrastructure of its databases, including encryption by default, separation of duty, and proactive security patching. But organizations need to further secure their databases by understanding their own data, their own users, and their configurations.

Introducing Oracle Data Safe, a fully integrated cloud service that helps you secure your data and address compliance requirements. With Data Safe, you can assess the security of your database configurations, find your sensitive data, mask that data in development and test environments, discover the risks associated with database users, and monitor database activity - all from a single, easy-to-use database security control center.

Secure Your Cloud Databases

Poor database configurations, such as weak password policies, insufficient control of over-privileged accounts, and lack of activity monitoring, are the most common causes of database vulnerabilities.

In Data Safe, Security Assessment provides you an overall picture of your database’s security posture. It analyzes database configurations, users and user entitlements, and security policies to uncover security risks and improve the security posture of Oracle Databases within your organization.

Security Assessment provides a comprehensive assessment for your target database to help you to understand potential risks. At a glance, you get an overall picture of the security status across your databases. The assessment highlights remediation steps and findings related to GDPR (General Data Protection Regulation), CIS (Center for Internet Security), and STIG (Security Technical Implementation Guide), making it easier for you to identify the required security controls. Security Assessment also lets you monitor and get notified about security drift on your target databases. You get an overview of all changes to your security configurations and their corresponding risk levels.

Find Your Sensitive Data

Protecting sensitive data begins with knowing what sensitive data you have and where it’s located. In Data Safe, Data Discovery inspects the actual data and the Database Dictionary to find sensitive data on your target database. The search results in a sensitive data model consisting of sensitive columns, estimated row counts, and optionally, sample data for your validation. You can also view totals about your sensitive data and drill down into a chart to view breakdowns of sensitive types.

Data Discovery includes a comprehensive and extensible library of sensitive types, which are grouped by identification, biographic, IT, financial, healthcare, employment, and academic information to make it fast and easy to search for sensitive data.

Mask Sensitive Data for Development and Test Environments

For many applications, organizations may need to create several copies of production data to support development and test activities. If you simply copy your production data as is, your sensitive data becomes exposed to new users, increasing your attack surface. For better security, database copies should have sensitive data replaced with realistic, but fictitious, data so that even if attackers succeed in gaining access to the data, they cannot benefit from the fake masked data.

In Data Safe, Data Masking simplifies the job of masking data with over 60 predefined masking formats. For example, you can shuffle the data in a column, replace data with random dates, and substitute phone numbers with generic ones. You can also create your own masks.

Understand User Risks

Many questions need to be answered to understand user risks. Which database accounts have powerful roles, like Database Administrator, Database Vault Administrator, or Audit Administrator? Who all can make changes that seriously impact the system, access sensitive data, and grant access to unauthorized users? Are some user accounts at risk of being taken over by attackers because passwords haven’t been changed in a long time?

In Data Safe, User Assessment answers these questions and more to help you identify highly privileged accounts that could pose a threat if misused or compromised. Administrators can then deploy appropriate security controls and policies to ensure the ongoing security of the databases.

User Assessment also lets you monitor and get notified about any user or entitlement changes.

Monitor Database Activity

You entrust your databases to your database administrators, account owners, and end users. However, it’s important to monitor database activity regularly because accounts are always at risk for being hacked or misused. Activity Auditing allows you to provision and enable audit policies on your Oracle databases so that you can monitor critical database changes, administrator and user activities, activities required for compliance purposes, and activities defined by your own organization. As your audit data is generated, Activity Auditing collects your audit data and stores it in the Data Safe repository.

Activity Auditing provides a wide range of interactive audit reports, each showing activities across some or all of your databases. For example, the All Activity report is a comprehensive report that contains every audited activity and has several filter options. You can download a report as a spreadsheet or PDF file, which is useful for compliance purposes.

Generate Alerts

It’s also important to be alerted on certain database activities as they occur, for example, when database parameters or audit policies change, when an administrative user login fails, when users are created or deleted, or when user entitlements, database schemas, or profiles change.

The All Alerts report summarizes all the alerts that have been raised, including How severe is the risk? Who did what? On which database? When?

Conclusion

Safeguarding your data just got a whole lot easier. With Oracle Data Safe, you can secure all of your Oracle databases running in Oracle Cloud, on-premises, and in other cloud environments.

Oracle Data Safe. Ensure your critical data assets do not become a liability.

To learn more, visit Data Safe’s web page (https://www.oracle.com/security/database-security/data-safe).