12 Introduction to Oracle Data Redaction
Oracle Data Redaction is the ability to redact sensitive data in real time.
- What Is Oracle Data Redaction?
Redaction is the process of selectively removing or obscuring sensitive or confidential information from documents or databases. Oracle Data Redaction enables you to redact data that is returned from queries issued by applications. - When to Use Oracle Data Redaction
Unlike data masking, which masks sensitive data by permanently replacing it with fictitious but realistic data, data redaction masks data as it is received from the database, leaving the data in the database unchanged. - Benefits of Using Oracle Data Redaction
Oracle Data Redaction provides several benefits when you use it to protect your data. - Target Use Cases for Oracle Data Redaction
Oracle Data Redaction addresses common use case scenarios.
Parent topic: Using Oracle Data Redaction
12.1 What Is Oracle Data Redaction?
Redaction is the process of selectively removing or obscuring sensitive or confidential information from documents or databases. Oracle Data Redaction enables you to redact data that is returned from queries issued by applications.
You can redact column data by using one of the following methods:
-
Full redaction. You redact all of the contents of the column data. The redacted value returned to the querying application user depends on the data type of the column. For example, columns of the
NUMBER
data type are redacted with a zero (0
), and character data types are redacted with a single space. -
Partial redaction. You redact a portion of the column data. For example, you can redact a Social Security number with asterisks (*), except for the last 4 digits.
-
Regular expressions. You can use regular expressions to look for patterns of data to redact. For example, you can use regular expressions to redact email addresses, which can have varying character lengths. It is designed for use with character data only.
-
Random redaction. The redacted data presented to the querying application user appears as randomly generated values each time it is displayed, depending on the data type of the column.
-
Nullify redation. The Nullify redaction type redacts all the data in a column and replaces it with null values.
-
No redaction. The No redaction type option enables you to test the internal operation of your redaction policies, with no effect on the results of queries against tables with policies defined on them. You can use this option to test the redaction policy definitions before applying them to a production environment.
Oracle Database applies the redaction at runtime when users access the data (that is, at query-execution time). This solution works well in a production system. During the time that the data is being redacted, all of the data processing is performed normally, and the back-end referential integrity constraints are preserved.
Data redaction can help you comply with industry regulations such as Payment Card Industry Data Security Standard (PCI DSS) by, for example, helping to restrict access to card holder data by business need to know.
Related Topics
Parent topic: Introduction to Oracle Data Redaction
12.2 When to Use Oracle Data Redaction
Unlike data masking, which masks sensitive data by permanently replacing it with fictitious but realistic data, data redaction masks data as it is received from the database, leaving the data in the database unchanged.
Data Redaction enables you to easily disguise the data using several different redaction styles.
Oracle Data Redaction is ideal for situations in which you must redact specific characters out of the result set of queries of Personally Identifiable Information (PII) returned to certain application users. For example, you may want to present a U.S. Social Security number that ends with the numbers 4320 as ***-**-4320
.
Oracle Data Redaction is particularly suited for call center applications and other applications that are read-only. Take care when using Oracle Data Redaction with applications that perform updates back to the database, because redacted data can be written back to this database.
Parent topic: Introduction to Oracle Data Redaction
12.3 Benefits of Using Oracle Data Redaction
Oracle Data Redaction provides several benefits when you use it to protect your data.
These benefits are as follows:
-
Applies the redaction at runtime, with no impact on underlying data or storage requirements
-
Runs with little or no performance impact
-
Requires no application changes
-
Enables you to to specify and manage Oracle Redaction with scripts or through the Oracle Enterprise Manger user interface
-
Is available for both on-premises and cloud databases
Parent topic: Introduction to Oracle Data Redaction
12.4 Target Use Cases for Oracle Data Redaction
Oracle Data Redaction addresses common use case scenarios.
- Oracle Data Redaction for Sensitive Data in Read-Only Static Pages
Oracle Data Redaction enables you to redact sensitive data in application screens that have read-only static pages, such as dashboards and reports. - Oracle Data Redaction for Preventing Data Exposure by Management Tools
Oracle Data Redaction prevents sensitive data from being exposed by data management tools, such as tools for loading and viewing data. - Oracle Data Redaction to Prevent Disclosure of Data from Offline Analytics
Oracle Data Redaction prevents the disclosure of sensitive data to users who perform offline analytics on production data. - Oracle Data Redaction Use with Database Applications
Oracle Data Redaction protects sensitive data that is displayed in database applications. - Oracle Data Redaction with Ad Hoc Database Queries Considerations
You may encounter situations where it is convenient to redact sensitive data for ad hoc queries that are performed by database users.
Parent topic: Introduction to Oracle Data Redaction
12.4.1 Oracle Data Redaction for Sensitive Data in Read-Only Static Pages
Oracle Data Redaction enables you to redact sensitive data in application screens that have read-only static pages, such as dashboards and reports.
You can use Oracle Data Redaction to dynamically redact data for operational interfaces such as dashboards or reports. You can define a redaction policy on sensitive columns so that the data is redacted before it is passed to the application. Because the pages are for static display only, and data is not posted back to the database, redacted data would not be written back to the database and potentially corrupt records.
Parent topic: Target Use Cases for Oracle Data Redaction
12.4.2 Oracle Data Redaction for Preventing Data Exposure by Management Tools
Oracle Data Redaction prevents sensitive data from being exposed by data management tools, such as tools for loading and viewing data.
Many applications include tools that enable users to load and manage their data. An example could be an SaaS application that allows subscribers to bulk load and manage customer information. You can define a redaction policy on the sensitive data so that sensitive data is redacted when it is displayed to these users when they perform these administrative activities.
Parent topic: Target Use Cases for Oracle Data Redaction
12.4.3 Oracle Data Redaction to Prevent Disclosure of Data from Offline Analytics
Oracle Data Redaction prevents the disclosure of sensitive data to users who perform offline analytics on production data.
Oracle Data Redaction can be used to prevent the exposure of sensitive information to users who perform analytics on data that is contrained in a data warehouse. You can define a redaction policy on sensitive data so that it is redacted as it is retrieved from the database and displayed to the user of the analytics software.
Parent topic: Target Use Cases for Oracle Data Redaction
12.4.4 Oracle Data Redaction Use with Database Applications
Oracle Data Redaction protects sensitive data that is displayed in database applications.
Data Redaction is transparent to application users because it preserves the original data type and (optionally) the formatting. It is highly transparent to the database because the data remains the same in buffers, caches, and storage—only being changed at the last minute just before SQL query results are returned to the caller. The redaction is enforced consistently across all of the applications that use the same underlying database. You can specify which application users should see only redacted data by checking application user information that is passed into the database through the SYS_CONTEXT
function; you can redact data based on attributes of the current database or application user; and you can implement multiple logical conditions within a given redaction policy. In addition, Data Redaction is implemented in a way that minimizes performance overhead. These characteristics make Oracle Data Redaction particularly well suited for usage by a range of applications, analytics tools, reporting tools, and monitoring tools that share common production databases. Although its primary target is redaction of production data for applications, Oracle Data Redaction also can be used with custom data administration tools (where they are not issuing ad hoc queries).
Related Topics
Parent topic: Target Use Cases for Oracle Data Redaction
12.4.5 Oracle Data Redaction with Ad Hoc Database Queries Considerations
You may encounter situations where it is convenient to redact sensitive data for ad hoc queries that are performed by database users.
For example, in the course of supporting a production application, a user may need to run ad hoc database queries to troubleshoot and fix an urgent problem with the application. Even though Oracle Data Redaction is not designed to prevent data exposure to database users who run ad hoc queries directly against the database, it can provide an additional layer to reduce the chances of accidental data exposure. Because such users may have rights to change data, alter the database schema, and circumvent the SQL query interface entirely, it is possible for a malicious user to bypass Data Redaction policies in certain circumstances.
Be aware that Data Redaction does not place any restriction on the WHERE
clause of ad hoc SQL, so the WHERE
clause can be used in an iterative fashion to infer the actual data even when there is a Data Redaction policy on the queried column and only the redacted value is displayed.
Remember that the Oracle Database security tools are designed to be used together to improve overall security. By deploying one or more of these tools as a complement to Oracle Data Redaction, you can securely increase your overall security posture.
Related Topics
Parent topic: Target Use Cases for Oracle Data Redaction