This chapter introduces Enterprise Data Governance and describes how to use the feature to protect sensitive data. The chapter includes the following sections:
This section provides a brief overview of Enterprise Data Governance. The section covers the following topics:
Enterprise Data Governance offers a comprehensive solution for identifying, securing, managing, and tracking sensitive data in the data center. The solution involves a two-pronged approach to provide this protection:
Perform user-initiated and automatic discovery on a regular basis of databases that potentially contain sensitive data. This is metadata discovery, also referred to as a shallow scan, so-called because it looks only at metadata involving schema, table, and column name patterns.
Perform user-initiated discovery of sensitive data in databases identified by the metadata discovery. This is data discovery, also referred to as a deep scan, so-called because it drills down in the actual data, looking for matches to user-supplied sensitive types and object-level protection details.
Enterprise Data Governance forms the first steps in the recommended workflow to mask sensitive data:
Discover databases that potentially contain sensitive data.
Aided by (but not limited to) the results of discovering database candidates, drill down to the data within the tables and columns of databases to further identify sensitive data.
Armed with the results of this discovery, flag columns as sensitive and identify them within the context of an Application Data Model (ADM).
Select these columns within an ADM and apply masking formats to protect the data in the testing environment.
A Protection Policy defines a security mechanism for protecting a sensitive data object. It controls the way a sensitive data object is protected. After a policy is created for a sensitive object, it serves as a template that can be applied to all the sensitive data objects of a similar type and structure. This ensures that a sensitive data object is protected consistently no matter where it is present in the database cloud.
A Protection Policy maps to a security feature available in Oracle Database. Metadata discovery identifies databases that contain objects that are protected via one or more of the following database security features:
Transparent Data Encryption (TDE)–A database feature that automatically encrypts data when it is written to the database and automatically decrypts data when accessed.
Data Redaction–A database feature that protects data by presenting a masked version of the data to nonprivileged users. The masked version of the data preserves the format and referential integrity of the data, so any application that uses the data continues to work as expected.
Virtual Private Database (VPD)–A database feature that enforces data access at the row and column level, using security conditions to protect the data.
Oracle Label Security (OLS)–A database feature that provides data classification and control access using security labels.
Metadata discovery checks for each security feature listed. The scan does not, however, collect protection policy details, nor does it necessarily scan for all the policies. Any protection policy found is sufficient to flag the database as potentially sensitive. This strategy keeps the scan fast and lightweight.
An application signature is a set of database objects such as schemas, tables, and views that uniquely identifies a specific application. A database that contains these objects is assumed to contain the application and is noted as a sensitive database candidate. Oracle supplies signatures for the following applications:
You can also create custom application signatures, see Creating Custom Application Signatures.
This section covers the following topics:
Enterprise Data Governance provides the means to identify databases within the enterprise that potentially contain sensitive data, and then to evaluate the data within these candidates to determine if sensitive data exists.
The Enterprise Data Governance dashboard summarizes discovery activity and provides links to:
Review the results of sensitive discovery jobs (see Working with Sensitive Database Discovery Results).
Manage and review metadata discovery jobs (see Working with Metadata Discovery Jobs).
Manage and review data discovery jobs (see Working with Data Discovery Jobs).
Create application signatures (see Creating Custom Application Signatures).
You can also manage the Application Data Model (ADM) environment and sensitive column types from the dashboard. See Chapter 2, "Application Data Modeling," in the Oracle Data Masking and Subsetting Guide for information on these activities.
To navigate to the dashboard within the Cloud Control console, select Databases on the Targets menu, then select Enterprise Data Governance on the Security menu. Whenever you navigate away from the dashboard, use the Enterprise Data Governance bread crumb at the top to return.
On the Sensitive Database Discovery Summary page, you can perform the following tasks:
Review databases discovered to have sensitive data or considered to be sensitive data candidates.
Create a metadata discovery job (see Creating a Metadata Discovery Job).
Create a data discovery job (see Creating a Data Discovery Job).
Click a number in a metadata column to see a pop-up list of items found. For example, click the number in the Data Protections column to see which data protections are in play for the database candidate.
Click the database name itself to open the database instance home page.
On the Metadata Discovery Jobs page, you can perform the following tasks:
Create a metadata discovery job (see Creating a Metadata Discovery Job).
Manage automatic metadata discovery.
Manage job results.
Since a metadata discovery job looks only at schema, table, and column name patterns but not at the data itself, there are no database credentials required to execute the job.
Run a metadata discovery job to scan database metadata looking for candidates that potentially contain sensitive data.
Creating a metadata discovery job involves the following steps:
Automatic metadata discovery happens independent of user-initiated metadata discovery and ties directly to target discovery. By default, whenever a database is discovered as part of target discovery, the metadata discovery job runs on that database. You can disable this feature by choosing Disable Metadata Discovery During Target Discovery from the Automatic Metadata Discovery drop-down menu. You may want to disable the feature if you want more control over when the metadata discovery job is run and on which databases. When you disable the feature, the menu selection toggles to Enable metadata discovery during target discovery so you have the option of resuming automatic metadata discovery.
You can also choose to retain the feature but with a different set of criteria. Out-of-box criteria for automatic metadata discovery uses Oracle-defined sensitive column types, data protection policies, and application signatures, but you can change the default settings and add user-defined entities as well. Select Edit Automatic Metadata Discovery Parameters from the Automatic Metadata Discovery drop-down menu to edit the criteria.
The results of a metadata discovery job help you ascertain which databases actually contain sensitive data and the nature of the sensitivity.
Work with metadata discovery job results by doing the following:
On the Data Discovery Jobs page, you can perform the following tasks:
Create a data discovery job
Manage job results
Run a data discovery job to search for sensitive data within a database candidate identified by the metadata discovery job.
Creating a data discovery job involves the following steps:
Use the results of data discovery to identify sensitive columns and associate the database with an Application Data Model.
Work with data discovery job results by doing the following:
Click the database name link in the job row to open the database instance home page; click the job status link to open the job summary page in the Jobs system.
Optionally associate a database with either a new or existing ADM. Select a data discovery job row, then click Assign Application Data Model and choose the appropriate option.
Select a job in the top table to see the discovery results at the bottom. Review job results by clicking the job criteria tabs. Expand tab contents as necessary to drill down to the details.
Click the Sensitive Data Columns tab to see the origin and nature of the data in the sensitive columns. As noted, if there is an ADM assigned, you can interactively set the sensitivity status by selecting a row and choosing a status from the Set Sensitive Status drop-down menu.
Use the information in the table to inform your decision to declare a column sensitive. For example, the sample data and columns matching the criteria both in name and as a percentage of data are strong indicators of the column's sensitivity.
If there is no ADM assigned to the data discovery job, sensitivity status is disabled, and the relevant schema is displayed in place of an application.
Click the Application Signatures tab to see database objects that uniquely identify the application.
Click the Objects with Data Protection Policies tab to see the specific objects the job discovered that are protected by supported protection policies.
Set sensitive column status on the discovered objects:
Click Select Sensitive Columns.
Provide credentials to log in to the database discovered by the job.
Click the List Columns button to display all the columns in the table covered by the protection policy.
Set status to sensitive and select an associated sensitive column type for those columns you consider sensitive within the application.
Click OK when done to confirm your selections.
The selected columns are identified as sensitive within the assigned ADM.
If there is no ADM assigned to the data discovery job, the sensitive status feature is disabled, and the relevant schema is displayed in place of an application.