Oracle Database Security
Gabriel Trauvitch – Master Principal Solutions Specialist – Grid Architect
Technology Presales – Greece & SEE
More Data Than Ever
[Chart, 2006 to 2011: 1,800 Exabytes; growth doubles yearly]
Source: IDC, 2008
Oracle Database Security Business Drivers
• Data Consolidation, Globalization, Right Sourcing
• Compliance Mandates: SOX, FDA, Basel II, EU Directives, HIPAA, GLBA, SB1386, PCI
• Security Threats: Insider Threats, Industrial Espionage, Identity Theft
More Breaches Than Ever
Data Breach: Once exposed, the data is out there – the bell can’t be un-rung
[Chart: Publicly Reported Data Breaches, 2005 to 2008; Total Personally Identifying Information Records Exposed (Millions); 630% Increase]
Source: DataLossDB, Ponemon Institute, 2009
• Average cost of a data breach $202 per record
• Average total cost exceeds $6.6 million per breach
More Threats Than Ever…
Market Overview: IT Security In 2009
There has been a clear and significant shift from what was
the widely recognized state of security just a few years ago.
Protecting the organization's information assets is the top
issue facing security programs: data security (90%) is most
often cited as an important or very important issue for IT
security organizations, followed by application security (86%).
Market Overview: IT Security In 2009
- Jonathan Penn, April 22, 2009
Data Security Challenges
• What to secure?
  • Sensitive Data: Confidential, PII, regulatory
  • Data in packaged and custom applications
  • Secure Life cycle: creation, transit, storage, backup, test, transfer
• Can we secure it now?
  • Secure using existing systems?
  • Transparent?
  • Loss, Unauthorized access, Separation of Duty
• Will it meet business requirements?
  • Flexible, Transparent, Compliant?
  • Secures both custom and packaged applications?
• Will it reduce operational cost?
  • Easy to manage?
  • Performant?
Oracle Database Security: Defense-in-Depth for Security and Compliance
• Access Control: Database Vault, Label Security
• Monitoring: Configuration Management, Audit Vault, Total Recall
• Encryption and Masking: Advanced Security, Secure Backup, Data Masking
Oracle Database Security: Defense-in-Depth for Security and Compliance
• Encryption and Masking: Advanced Security, Secure Backup, Data Masking
Oracle Advanced Security: Transparent Data Encryption
• No application changes required
• Efficient encryption of all application data
• Built-in key lifecycle management
• Works with Exadata V2 Smart Scans
• Works with Oracle Advanced Compression
[Diagram: Application; Disk, Backups, Exports, Off-Site Facilities]
Oracle Advanced Security: Network Encryption & Strong Authentication
• Standards-based encryption for data in transit
• Strong authentication of users and servers
• No infrastructure changes required
• Easy to implement
Oracle Secure Backup: Integrated Tape or Cloud Backup Management
• Secure data archival to tape or cloud
• Easy to administer key management
• Fastest Oracle Database tape backups
• Leverage low-cost cloud storage
Oracle Data Masking: Irreversible De-Identification
• Remove sensitive data from non-production databases
• Referential integrity preserved so applications continue to work
• Extensible template library and policies for automation
Production
LAST_NAME    SSN           SALARY
AGUILAR      203-33-3234   40,000
BENSON       323-22-2943   60,000
Non-Production
LAST_NAME    SSN           SALARY
ANSKEKSL     111-23-1111   40,000
BKJHHEIEDK   222-34-1345   60,000
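The two properties claimed on this slide, irreversibility and preserved referential integrity, can be shown with a short sketch. This is an added example, not Oracle Data Masking code: it assumes a keyed HMAC as the masking function, a hypothetical PAYROLL child table joined on SSN, and a masking key that is discarded after the run.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Constructed sample rows modelled on the slide's production table.
EMPLOYEES = [("AGUILAR", "203-33-3234", 40000), ("BENSON", "323-22-2943", 60000)]
# Hypothetical child table referencing employees by SSN (not on the slide).
PAYROLL = [("203-33-3234", "2009-04"), ("323-22-2943", "2009-04"),
           ("203-33-3234", "2009-05")]


def _prf(value: str, key: bytes) -> bytes:
    """Keyed one-way function; once the key is destroyed there is no way back."""
    return hmac.new(key, value.encode(), hashlib.sha256).digest()


def mask_ssn(ssn: str, key: bytes) -> str:
    """Same SSN and key always give the same masked value, in SSN format."""
    n = int.from_bytes(_prf(ssn, key)[:8], "big") % 10**9
    d = f"{n:09d}"
    return f"{d[:3]}-{d[3:5]}-{d[5:]}"


def mask_name(name: str, key: bytes) -> str:
    """Replace a name with the same number of uppercase letters."""
    return "".join(chr(65 + b % 26) for b in _prf(name, key)[:len(name)])


def mask_tables(employees, payroll, key):
    """Mask each table on its own; determinism keeps the join key aligned."""
    seen = {}
    for _, ssn, _ in employees:
        masked = mask_ssn(ssn, key)
        # Two different SSNs mapping to one value would merge two people.
        if seen.setdefault(masked, ssn) != ssn:
            raise ValueError("mask collision; rerun with a fresh key")
    # Salary is left unchanged, as in the slide's non-production table.
    emp = [(mask_name(n, key), mask_ssn(s, key), sal) for n, s, sal in employees]
    pay = [(mask_ssn(s, key), period) for s, period in payroll]
    return emp, pay


def join_counts(employees, payroll):
    """Load both tables with an enforced foreign key; count payroll rows per employee."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.execute("CREATE TABLE emp (last_name TEXT, ssn TEXT PRIMARY KEY, salary INT)")
    db.execute("CREATE TABLE payroll (ssn TEXT REFERENCES emp(ssn), period TEXT)")
    db.executemany("INSERT INTO emp VALUES (?, ?, ?)", employees)
    db.executemany("INSERT INTO payroll VALUES (?, ?)", payroll)
    rows = db.execute(
        "SELECT e.salary, COUNT(*) FROM emp e JOIN payroll p ON p.ssn = e.ssn "
        "GROUP BY e.ssn ORDER BY e.salary").fetchall()
    db.close()
    return rows


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # never stored: masked values cannot be mapped back
    emp, pay = mask_tables(EMPLOYEES, PAYROLL, key)
    print(emp)
    print(join_counts(emp, pay) == join_counts(EMPLOYEES, PAYROLL))
```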
Large Credit Card Services Provider: Cost Effective Encryption of Card Holder Data
Business Challenges
• Protect sensitive card holder data
• Comply with PCI
Solution
• Deployed Oracle Advanced Security TDE Tablespace Encryption
Business Results
• Addressed internal and external requirements
• Leveraged Oracle Advanced Security integration with Hardware Security Modules for network based management of TDE master encryption key
U.S. Pharmaceutical Tools Manufacturer: Oracle Advanced Security Protects Sensitive Data
Business Challenges
• Worried about protection of intellectual property and sensitive employee data
Solution
• Oracle Advanced Security TDE column encryption
• Easy implementation within hours (Oracle PeopleSoft)
• TDE with HSM made corporate-wide standard
• Average end-user response time: +2.5%
Business Results
• Cost effective and transparent implementation of data encryption with no application changes
• Protection of sensitive data at rest and on backup media
EMEA-based Real Estate Company: Data Masking Pack accelerated availability of production data for testing while improving DBA productivity
Business Challenges
• Custom scripts to mask sensitive data were not able to scale to meet growing data volumes
• DBA team under increasing pressure to make production data available for application testing within short time frames
Solution
• Data Masking Pack delivered an out-of-the-box solution to replace custom database scripts
• High performance masking capabilities accelerated masking process from 6 hours using database scripts to 6 minutes using Data Masking Pack
Business Results
• 60x performance improvement in masking process resulted in faster turnaround of test system creation
• Improved DBA productivity by eliminating the requirement to maintain custom scripts
Oracle Database Security: Defense-in-Depth for Security and Compliance
• Access Control: Database Vault, Label Security
• Encryption and Masking: Advanced Security, Secure Backup, Data Masking
Oracle Database Vault: Separation of Duties & Privileged User Controls
• DBA separation of duties
• Limit powers of privileged users
• Securely consolidate application data
• No application changes required
• Works with Oracle Exadata V2 Database Machine
[Diagram: Procurement, HR, Finance; Application; DBA: select * from finance.customers]
Oracle Database Vault: Multi-Factor Access Control Policy Enforcement
• Protect application data and prevent application by-pass
• Enforce who, where, when, and how using rules and factors
• Out-of-the-box policies for Oracle applications, customizable
[Diagram: Procurement, HR, Rebates; Application]
Oracle Label Security: Data Classification for Access Control
• Classify users and data based on business drivers
• Database enforced row level access control
• User classification through Oracle Identity Management Suite
• Classification labels can be factors in other policies
[Diagram: Transactions, Report Data, Reports; labels: Public, Confidential, Sensitive]
Large US Based Global Bank: Enable Secure Cost Effective Deployments
Business Challenges
• Outsource administration of multiple applications (E-Business Suite, PeopleSoft and other in-house and 3rd party applications)
• “Cross Border” security controls to protect country-specific sensitive client data from DBA access in a different country
• Deploy a security solution that is certified with applications and with minimal performance overhead
Solution
• Deployed Oracle Database Vault on 18+ applications including E-Business Suite, PeopleSoft and other internal and 3rd party applications to prevent privileged user access to application data
• Used Database Vault multi-factor authorization to enforce cross-border access control and to prevent “Application Bypass”
• Over 200K users accessing these systems globally
Business Results
• Saved over $15M a year by outsourcing/off-shoring backend administration operations
• Addressed “Cross Border” security requirements
• Passed external audit and avoided paying fines
Pharmaceutical Services Provider: Protect Sensitive Customer Information and Address Regulations
Business Challenges
• Protect and secure the privacy of very sensitive customer medical data and employee data in PeopleSoft
• Comply with internal policies and external regulations (HIPAA, SOX, Privacy Laws)
• Prevent privileged user access to sensitive data
Solution
• Deployed Oracle Database Vault with out-of-the-box PeopleSoft protection policies
• Took 14 days to go to production
Business Results
• Complied with HIPAA and other privacy regulations
• Passed external audit
• Saved on consulting costs and deployment time by using the out-of-the-box Database Vault protection policies
• Deployed Database Vault with minimal changes to existing internal processes and procedures
Large European Telecom Provider: Enable Organization to Meet Regulations
Business Challenges
• Protect the privacy of sensitive client data in their telecom billing system
• Meet internal, European Data Security Directive, and country-specific privacy requirements
• Prevent tampering or deletion of database objects or database users
Solution
• Used Database Vault Realms and Command Rules to prevent DBAs from accessing sensitive data
• Used Command Rules to prevent tampering or deletion of database objects or users
• Used multi-factor authorization to prevent “Application Bypass” based on IP address
Business Results
• Secure the third party billing system without any application changes
• Comply with internal, European, and country-specific privacy laws
• Cost effective preventive controls against any tampering or deletion of database objects or users
• Maintain good performance without buying additional hardware
Oracle Audit Vault: Automated Activity Monitoring & Audit Reporting
• Consolidate audit data into secure repository
• Detect and alert on suspicious activities
• Out-of-the-box compliance reporting
• Centralized audit policy management
[Diagram: CRM Data, ERP Data, Databases, HR Data; Audit Data; Policies, Built-in Reports, Custom Reports, Alerts; Auditor]
Oracle Total Recall: Secure Change Tracking
select salary from emp AS OF TIMESTAMP '02-MAY-09 12.00 AM' where emp.title = 'admin'
• Transparently track data changes
• Efficient, tamper-resistant storage of archives
• Real-time access to historical data
• Enables forensics and error correction
Oracle Configuration Management: Vulnerability Assessment & Secure Configuration
• Database discovery
• Continuous scanning against best practices
• Detect and prevent unauthorized configuration changes
• Change management compliance reports
[Diagram: Asset Management, Policy Management, Vulnerability Management, Configuration Management & Audit, Analysis & Analytics; Discover, Classify, Assess, Prioritize, Fix, Monitor]
European Healthcare Insurance Provider: Simplified Reporting and Stronger Security
Business Challenges
• Internal and external database audit requirements across 10 Oracle and SQL Server databases
• Took 3 months and 2 part time people to create the audit reports for yearly audit
• No monitoring for insider threats
Solution
• Oracle Audit Vault consolidated reporting on audit data from Oracle and SQL Server
• Oracle Audit Vault consolidation of audit data removed DBA from audit review process
Business Results
• Saved 100's of hours in report generations
• Worked with auditors to create customized reports from the out-of-the-box default reports for personalized content
• Estimated return on investments in less than 18 months
Large Financial Services Provider: Stronger Controls
Business Challenges
• Audit credit card transactions
• 20+ production Oracle databases with native auditing already turned on
• Need for reports and no resource or budget to create and review them
Solution
• Oracle Audit Vault audit data collection and secure centralized storage
• Audit Vault proactively monitors privileged user access violations, failed database logins, and generates forensic data
Business Results
• Passed internal audits
• Automated reporting on credit card transactions
• Secure consolidation of audit data
• Detected policy violations of database activity
• Deployed in production in 3 months
Large European Telco Provider: Address Telco Regulations on Call Records
Business Challenges
• Audit credit card transactions
• 20+ production Oracle databases with native auditing already turned on
• Need for reports and no resource or budget to create and review them
Solution
• Oracle Audit Vault audit data collection and secure centralized storage
• Audit Vault proactively monitors privileged user access violations, failed database logins, and generates forensic data
Business Results
• Passed internal audits
• Automated reporting on credit card transactions
• Secure consolidation of audit data
• Detected policy violations of database activity
• Deployed in production in 3 months
For More Information
oracle.com/database/security
search.oracle.com
database security