Users are eager to leverage the many benefits of the Oracle Cloud, but they also need easy access to tools to help them secure their data. Fortunately, Oracle Database users can leverage a rich set of security controls which support deployments both on-premises and in the cloud. However, deployment and ongoing support of these solutions is often a “do-it-yourself” exercise for users.
Oracle Data Safe provides users with a set of five essential data security features in a single, integrated cloud service which is easy to use and needs no on-premises deployment.
In this post, we take a look at each of these features.
• Security Assessment
• User Assessment
• Activity Auditing
• Data Discovery
• Data Masking
Even with a managed database service like Oracle Autonomous Database, users have considerable latitude in how they configure the service to allow their users to access it. Data Safe’s database security assessment feature highlights configuration decisions that negatively impact security, helping to identify any gaps that could represent a vulnerability. Data Safe’s security assessment performs a comprehensive check of database configurations, examining areas like user accounts, privilege and role grants, authorization controls, fine-grained controls, auditing, encryption, and configuration parameters. It identifies gaps compared against organizational best practices and delivers actionable reports with prioritized recommendations as well as mappings to common compliance mandates like EU GDPR, DISA STIGs, and CIS benchmarks.
Data Safe implements a unique new capability that allows security administrators to evaluate the risk represented by various database users. The user risk assessment feature performs an evaluation of database users, looking at both static and dynamic characteristics of the user’s profile, in order to identify the highest risk users. User risk is presented graphically, allowing administrators to very quickly determine which users may be over-privileged or require application of a compensating control such as auditing.
Database auditing is perhaps the most critical control for database security and regulatory compliance. Data Safe’s user activity auditing feature allows administrators to select from a variety of predefined audit policies and enable them in the database with a single mouse click. They can then start collecting audit records from their cloud databases, which are stored and securely retained in the Data Safe service. Data Safe users can access interactive reports for user activity tracing or forensics purposes, as well as summary reports for routine collection and reporting. These reports can be downloaded as PDFs to help with organizations’ compliance programs. Administrators can also select from a number of predefined alert policies so they are immediately notified of unusual activities that may indicate compromise.
The types of data contained within the database, and their sensitivity, help determine which controls should be used to protect that data. Data Safe includes a sensitive data discovery feature that allows security administrators to quickly answer the critical questions of “what types of sensitive data do I have?” and “how much of it do I have?” Data Safe’s sensitive data discovery feature provides automated discovery of over 125 sensitive data types across categories including personally identifiable information, financial information, health information, job-related information, and education information. Sensitive data discovery helps users to understand the value of the data and enables them to prioritize their defenses.
Masking sensitive data removes security risk from test and development systems, and minimizes the amount of sensitive data stored by the enterprise. Data Safe’s data masking feature provides the ability to quickly mask sensitive application data with a library of over 50 predefined masking formats. Default masking formats are automatically suggested based on the type of sensitive data discovered using the sensitive data discovery feature. Data masking can be used to transform columns of sensitive information such as birth dates and credit card numbers, and can also support more complex data masking use cases such as conditional and compound masking.
The security technologies and capabilities available with the Oracle Database enable customers to maintain a highly secure database environment. With Oracle Data Safe, these critical functionalities are now available with a simple click-and-secure interface, with no deep security expertise required. Delivered as a service with no deployment required, Data Safe helps customers reduce their operational costs associated with securing databases and helps all customers, big or small, to keep their data safe. With Data Safe, security is now truly the reason to move to the cloud.
Be sure to join us next week at the same time as we begin our drill-down into the first of these five features: the security assessment. In the meantime, if you'd like more information about Data Safe, visit us here. And if you didn't catch the first blog of this series, read part 1 for the full product announcement.