Oracle Cloud Infrastructure Documentation

Introduction to Oracle Data Safe Video Script

This script is for the Introduction to Oracle Data Safe video.

Introduction

Organizations rely on databases to manage their most critical asset – the data. But if not well protected, this data could become their biggest liability. According to industry reports, almost one third of the attacks are performed by internal actors, and over half of internal attacks are on databases.

Sensitive data, such as personally identifiable information, personal financial information, and personal healthcare information, make databases attractive targets for hackers and even insiders, who are looking to steal data for monetary, strategic, or personal reasons, or just to disrupt business. Furthermore, by law, organizations must comply with Data Protection Regulations, such as the European Union’s General Data Protection Regulation (GDPR), Payment Card Industry's Data Security Standard (PCI DSS), Sarbanes Oxley (SOX), and many such data protection laws across the globe. Hackers try to exploit weaknesses in user credentials, applications, and database configurations in both production and non-production databases.

How do you manage against a legion of attackers who have all the infrastructure, the tools, and the time, when you don’t? Oracle provides top-in-class security for the computing infrastructure of its cloud databases, including encryption by default, separation of duty, and proactive security patching. But organizations need to further secure their databases by understanding their own data, their own users, and their configurations.

Introducing Oracle Data Safe, a fully integrated cloud service that helps you secure your data and address compliance requirements. With Oracle Data Safe, you can assess the security of your database configurations, find your sensitive data, mask that data in development and test environments, discover the risks associated with database users, and monitor database activity - all from a single, easy-to-use management console.

Secure Your Cloud Databases

Poor database configurations, such as weak password policies, insufficient control of over-privileged accounts, and lack of activity monitoring, are the most common causes of vulnerabilities. In Oracle Data Safe, Security Assessment analyzes your database configurations, user information, and security controls.

It generates a report that helps you understand the potential risks. At a glance, you get an overall picture of your database security status. The report also highlights remediation steps and findings related to GDPR (General Data Protection Regulation), CIS (Center for Internet Security), and STIG (Security Technical Implementation Guide), making it easier for you to identify the required security controls.

Find Your Sensitive Data

Protecting sensitive data begins with knowing what sensitive data you have and where it’s located. In Oracle Data Safe, Data Discovery inspects the actual data and the Database Dictionary to find sensitive data. It can show you sample data for your validation. Data Discovery includes a comprehensive and extensible library of sensitive types, which are grouped by identification, biographic, IT, financial, healthcare, employment, and academic information.

Data Discovery creates a report that shows you details about your sensitive data. At the top, you can view totals about your sensitive data and drill down into a chart to view breakdowns of sensitive types. The table summarizes the different sensitive types and estimated rows for each sensitive type. You can also view the actual column names and sample data.

Mask Sensitive Data for Development and Test Environments

For many applications, organizations may need to create several copies of production data to support development and test activities. If you simply copy your production data as is, your sensitive data becomes exposed to new users, increasing your attack surface. For better security, database copies should have sensitive data replaced with realistic, but fictitious, data so that even if attackers succeed in gaining access to the data, they cannot benefit from the fake masked data.

In Oracle Data Safe, Data Masking simplifies the job of masking data with over 50 predefined masking formats. For example, you can shuffle the data in a column, replace data with random dates, and substitute phone numbers with generic ones. You can also create your own masks.

Understand User Risks

Many questions need to be answered to understand user risks. Which database accounts have powerful roles, like Database Administrator, Database Vault Administrator, or Audit Administrator? Who all can make changes that seriously impact the system, access sensitive data, and grant access to unauthorized users? Are some user accounts at risk of being taken over by attackers because passwords haven’t been changed in a long time?

In Oracle Data Safe, User Assessment answers these questions and more to help you identify your high risk users. Administrators can then deploy with appropriate security controls and policies to ensure the ongoing security of the databases.

Monitor Database Activity

You entrust your databases to your database administrators, account owners, and end users. However, it’s important to monitor database activity regularly because accounts are always at risk for being hacked or misused. Activity Auditing allows you to provision and enable audit policies on your cloud databases so you can enable pre-configured policies to monitor sensitive database changes, administrator and user activities, activities recommended by the Center for Internet Security, and activities defined by your own organization. As your audit data is generated, Activity Auditing will automatically pull your audit data into the Oracle Data Safe database.

Activity Auditing provides a wide range of interactive audit reports, including the All Activity report, which is a comprehensive report that contains every audited activity. Other reports focus on specific areas, such as admin activity, user and entitlement changes, audit policy changes, login activity, data access, data modification, and database schema changes. You can also download a report as a spreadsheet or PDF file, which is very useful for compliance reporting.

It’s also important to be alerted on certain database activities as they occur, for example, when database parameters or audit policies change, when an administrative user login fails, when users are created or deleted, or when user entitlements change. The All Alerts report summarizes all the alerts that have been raised, including How severe is the risk? Who did what? On which database? When?

Conclusion

Safeguarding your data just got a whole lot easier. With Oracle Data Safe, it’s fast and easy to assess your database configurations, discover sensitive data, mask sensitive data in your non-production databases, assess users, and monitor database activity.

Oracle Data Safe. Ensure your critical data assets do not become a liability. To learn more, visit www.oracle.com/database/technologies/security/data-safe.html.