Oracle Data Safe is a unified control center for your Oracle databases which helps you understand the sensitivity of your data, evaluate risks to data, mask sensitive data, implement and monitor security controls, assess user security, monitor user activity, and address data security compliance requirements.
Whether you’re using an Autonomous Database or an Oracle DB system, Oracle Data Safe delivers essential data security capabilities as a service on Oracle Cloud Infrastructure.
This article has the following topics:
Features of Oracle Data Safe
Oracle Data Safe provides the following set of features for protecting sensitive and regulated data in Oracle Cloud databases, all in a single, easy-to-use management console:
- Security Assessment helps you assess the security of your cloud database configurations. It analyzes database configurations, user accounts, and security controls, and then reports the findings with recommendations for remediation activities that follow best practices to reduce or mitigate risk.
- User Assessment helps you assess the security of your database users and identify high risk users. It reviews information about your users in the data dictionary on your target databases, and calculates a risk score for each user. For example, it evaluates the user types, how users are authenticated, the password policies assigned to each user, and how long it has been since each user has changed their password. It also provides a direct link to audit records related to each user. With this information, you can then deploy appropriate security controls and policies.
- Data Discovery helps you find sensitive data in your cloud databases. You tell Data Discovery what kind of sensitive data to search for, and it inspects the actual data in your database and its data dictionary, and then returns to you a list of sensitive columns. By default, Data Discovery can search for a wide variety of sensitive data pertaining to identification, biographic, IT, financial, healthcare, employment, and academic information.
- Data Masking provides a way for you to mask sensitive data so that the data is safe for non-production purposes. For example, organizations often need to create copies of their production data to support development and test activities. Simply copying the production data exposes sensitive data to new users. To avoid a security risk, you can use Data Masking to replace the sensitive data with realistic, but fictitious data.
- Activity Auditing lets you audit user activity on your databases so you can monitor database usage and be alerted of unusual database activities.
Key Concepts and Terminology
Understand the following concepts and terminology to help you get started with Oracle Data Safe.
Oracle Cloud Infrastructure
Oracle Cloud Infrastructure is a set of complementary cloud services that enables you to build and run a wide range of applications and services in a highly available hosted environment. Oracle Cloud Infrastructure offers high-performance compute capabilities (as physical hardware instances) and storage capacity in a flexible overlay virtual network that is securely accessible from your on-premises network. Oracle Data Safe is integrated as a service into Oracle Cloud Infrastructure.
Oracle Cloud Infrastructure Console
The Oracle Cloud Infrastructure Console is a simple and intuitive web-based user interface that you can use to access and manage Oracle Cloud Infrastructure. You also access the Oracle Data Safe Console through the Oracle Cloud Infrastructure Console.
A tenancy is a secure and isolated partition within Oracle Cloud Infrastructure where you can create, organize, and administer your cloud resources. When you subscribe to Oracle Data Safe, Oracle automatically creates a tenancy for you in Oracle Cloud Infrastructure, if necessary.
Regions and Availability Domains
Oracle Cloud Infrastructure is physically hosted in regions and availability domains. A region is a localized geographic area, and an availability domain is one or more data centers located within a region. A region is composed of one or more availability domains. Oracle Cloud Infrastructure resources are either region-specific, such as a virtual cloud network, or availability domain-specific, such as a compute instance.
Oracle Data Safe
Oracle Data Safe is a fully-integrated Cloud service focused on the security of your data. It provides a complete and integrated set of features for protecting sensitive and regulated data in Oracle Cloud databases.
Oracle Data Safe consists of a web application and an Oracle pluggable database (PDB) and resides in Oracle Cloud Infrastructure. The web application is the main user interface for Oracle Data Safe and is referred to as the Oracle Data Safe Console. The PDB is the repository for Oracle Data Safe and contains audit data and collected sensitive data for target databases. You can enable Oracle Data Safe in each region of your tenancy in Oracle Cloud Infrastructure.
Oracle Cloud Infrastructure Identity and Access Management (IAM)
The IAM service is the default, fully integrated, identity management service for Oracle Cloud Infrastructure. It lets you control who has access to your cloud resources, what type of access user groups have, and to which specific resources user groups have access.
Oracle Data Safe uses all the shared services in Oracle Cloud Infrastructure, including IAM. You can use the IAM service to set up user access to Oracle Data Safe.
In IAM, compartments allow you to organize and control access to your cloud resources. A compartment is a collection of related resources, such as database instances, virtual cloud networks, and block volumes. A compartment should be thought of as a logical group and not a physical container. When you begin working with resources in the Oracle Cloud Infrastructure Console, the compartment acts as a filter for what you are viewing. A group requires permission by an administrator to access a compartment.
IAM User Groups
A user group in IAM is a collection of users who all need the same type of access to a particular set of resources or compartment. Tenancy administrators can create users and groups in the root compartment of a tenancy with the IAM service in Oracle Cloud Infrastructure. Oracle Data Safe retrieves user groups from IAM, but not individual users.
Oracle automatically creates a
tenancy administrator for you and adds it to the
This group has all permissions on all resources in
the tenancy, and is responsible for creating the
users, groups, and compartments for the
An IAM policy is a document that specifies who can access which resources in Oracle Cloud Infrastructure, and how. Access is granted at the group and compartment level, which means you can write a policy that gives a group a specific type of access within a specific compartment, or to the tenancy itself. If you give a group access to your tenancy, the group automatically gets the same type of access to all the compartments inside your tenancy. Only tenancy administrators can create policies.
Oracle Data Safe Console
The Oracle Data Safe Console is the main user interface for Oracle Data Safe. Upon opening Oracle Data Safe, you are presented with a dashboard that lets you monitor system activity. The side tabs provide access to the main features. The top tabs provide access to registered target databases, the Library, reports, alerts, and jobs. In the upper right corner, you can access links to user security and data retention settings.
A target database is an Oracle Database on which Oracle Data Safe can perform user and security assessment, data discovery, data masking, and auditing.
A resource group is a logical structure in Oracle Data Safe that you can create to organize and control access to one or more Oracle Data Safe resources. For example, you can add multiple target databases to a resource group and then grant a user group access to the resource group, rather than to each target database. A resource group can contain target databases, sensitive data models, sensitive types, masking formats, masking policies, audit policies, audit trails, and reports. The Default Resource Group is available to all user groups for convenience.
Authorization Policies in Oracle Data Safe
Oracle Data Safe uses authorization policies to control user
group access to resource groups and features. For
each resource group, an Oracle Data Safe Administrator (or delegated administrator) can
grant a user group
manage, or no privileges for Oracle Data Safe features. Features are grouped as follows:
Assessment (User Assessment and Security
Assessment), Discovery and Masking, and Activity
grants read-only access to a feature's resources.
manage privilege enables a
user group to create, read, update, delete, and
delegate feature-related resources. Administrators
cannot create more privileges.
A sensitive type is a classification of sensitive data and defines the kind of sensitive columns to search for. For example, the US Social Security Number (SSN) sensitive type helps you discover columns containing Social Security numbers. Data Discovery searches for sensitive data in your cloud databases based on the sensitive types that you choose. You can choose from a wide variety of predefined sensitive types and can also create your own sensitive types.
Sensitive types are divided into categories. The top-level categories are Personal Identification Information (PII), Personal Biographic Information, Personal IT Information, Personal Financial Information, Personal Healthcare Information, Personal Employment Information, and Personal Academic Information. You can choose individual sensitive types or sensitive categories to search sensitive data.
Sensitive Data Models
A sensitive data model is a collection of sensitive columns and referential relationships. Data Discovery identifies sensitive columns and referential relationships and creates a sensitive data model. Data Discovery automatically searches the Oracle data dictionary to find relationships between primary key columns and foreign key columns and flags them as sensitive. It can also discover non-dictionary referential relationships, which are relationships defined in applications and not in the Oracle data dictionary.
A masking format defines the logic to mask sensitive data in a database column. For example, the Shuffle masking format randomly shuffles values in a column. The Email Address masking format replaces values in a column with random email addresses. Oracle Data Safe provides many predefined masking formats. If needed, you can create your own.
A masking policy maps sensitive columns to masking formats that should be used to mask the data. You can use a masking policy to perform data masking on a target database. You can create a masking policy using a sensitive data model. You can also use a previously created masking policy from the Library. You can download a masking policy as XML, modify it, and upload it to the same or a different Oracle Data Safe service.
An audit trail is a table in a
database that stores audit data. A widely used
audit trail is the
dictionary view. You can configure audit trails in
Oracle Data Safe. Usually, you configure only one audit trail
When audit data collection is enabled, Oracle Data Safe copies the audit data from the database's audit trail into the Oracle Data Safe audit table. You can start and stop audit collection as needed. In Oracle Data Safe, you can manage the size of a target database's audit trail by using the auto purge feature. You can manage the size of the Oracle Data Safe audit table by configuring a data retention period.
The Library in Oracle Data Safe is a repository that stores resources used for Data Discovery and Data Masking. Resources include sensitive types, sensitive data models, masking formats, and masking policies. When you create these resources, they are automatically saved to the Library.
An audit policy defines specific events to track in a target database. In Oracle Data Safe, you can provision basic audit policies, administrator and user activity audit policies, the Center for Internet Security (CIS) Recommendations policy, custom audit policies, and Oracle pre-seeded audit policies. After an audit policy is provisioned, the target database can begin to generate audit data.
An alert is a message that notifies you when a particular audit event happens on a target database. Alerts are displayed in table format on the Alerts page in the Oracle Data Safe Console. You can view total alert counts for target databases, alert severity levels, and alert statuses. You can also filter alerts on the page, create and delete custom alert reports, open and close alerts, and download an alerts report in PDF format.
An alert policy defines an event in a database to monitor. Alert policies are rule-based and triggered depending on the audit data being collected. If an alert’s rule definition is matched (for example, an administrator fails to log in to a target database), then Oracle Data Safe raises an alert and displays it on the Alerts page.
Activity Auditing provides predefined alert policies that you can activate within the Activity Auditing wizard. There is a policy for database parameters changes, failed logins by admin users, audit policy changes, user creation or deletion, and user entitlement changes.