Security Inside Out

Oracle Database Vault is now certified for use with SAP applications. With Oracle Database Vault, protective realms around SAP application database objects can be established to prevent privileged database users from accessing sensitive data and to enforce separation of duties among privileged database users.

Oracle Database Vault provides the following default realms to protect the SAP application and data within the database:

• Application Protection Realms for ABAP™ and the Java stacks: Protects all the sensitive SAP business data against unauthorized access from the privileged database users, and maintains the integrity of the SAP database structures;


• Application Administration Realm for BR*Tools: Securely protects the integrity of all Oracle Database objects such as tables and indexes that are used by the BR*Tools and guards against unauthorized changes from other privileged database users;


• Application Protection Realm for Admin Roles: protects SAP administration roles including SAPCONN, SAPDBA, SAPCRED, and SAPSYS from being granted except by the authorized administrator, and provides separation of duty; and,


• Application Credential Protection Realm: protects the SAP application credential data from any unauthorized access or changes by privileged database user, and enhances separation of duty.

Using the certified Oracle Database Vault command rules for SAP, organizations can also ensure that database users cannot by-pass SAP application security features and access SAP application data directly using ad-hoc database query tools. Customers can further customize these default rules and add rules to address additional security requirements. Oracle Database Vault comes with numerous pre-defined command rule factors such as time of day, day of week and system address, and organizations can build custom factors using the Oracle Database Vault API.

SAP application data can be further protected using Oracle Advanced Security, which was previously certified for SAP. Oracle Advanced Security provides Transparent Data Encryption to prevent unauthorized access to SAP application data outside the database, and complements Oracle Database Vault protection for SAP application data within the database.

Download a free, evaluation version of Oracle Database Vault (terms, conditions and restrictions apply) and the Oracle Database Vault for SAP Resource Kit which includes demos, step-by-step tutorials, and more info to get you started.

Now available, Oracle Audit Vault Release 10.2.3.2 is designed to help organizations secure all their enterprise databases and address regulatory requirements. This latest release of Oracle Audit Vault introduces key new reporting and alerting capabilities to further automate the database audit process and help reduce costs. New features include:

• Report scheduling, notification, attestation, and archiving capabilities that can help organizations lower the cost of complying with internal and external data privacy and protection mandates


• Entitlement reports with up-to-date snapshots of Oracle Database users, privileges, and profiles, which allow auditors to track changes to database access


• Compliance reports to specifically address the Sarbanes-Oxley (SOX) Act, the Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry (PCI) Data Security Standard (DSS) regulatory requirements for database activity monitoring and audit


• Automated cleanup of audit trail data from supported Oracle and non-Oracle databases once that audit data has been securely consolidated in the Oracle Audit Vault repository, which helps reduce the operational costs of database auditing

Internally we call this new release, the "Auditors' Release" since we consulted with numerous IT auditors to help ensure that the new entitlements and compliance specific reports contain the information needed to pass real-world database audits, and the automation features required to streamline the way auditors really work. "Oracle Audit Vault reports contain the necessary information auditors are looking for when they conduct database compliance and security audits," says Joseph DeVita, Oracle Governance, Risk and Compliance leader at PricewaterhouseCoopers. "With support for Oracle and non-Oracle databases, Oracle Audit Vault provides a robust solution for enterprise database activity monitoring and audit."

Customers like Chase Paymentech agree. Listen here to learn how Chase Paymentech, one of the largest payment card processors, relies on Oracle Audit to help address security and compliance requirements while avoiding costly infrastructure investments and third-party support hassles.