Special Promotion: Data Safe for On-Premises Oracle Databases at No Cost Through February 2027

Organizations continue to run some of their most critical Oracle databases on premises. These databases often support core business applications, store sensitive and regulated data, and fall within the scope of internal security policies, audits, and compliance requirements.

For DBAs and database security teams, the challenge is visibility and consistency. On-premises databases may have years of configuration changes, accumulated privileges, legacy accounts, audit exceptions, and nonproduction copies of sensitive data. Periodic reviews and ad hoc scripts can help, but they are difficult to scale across large database environments.

AI does not change the fundamentals of database security, but it can increase the importance of maintaining visibility into database security posture as AI-assisted development and automated attacks become more common. Attackers can automate reconnaissance and credential testing, while internal AI-assisted development, analytics, and automation can create new paths to sensitive data. That makes ongoing visibility into configuration risk, privileged users, audit coverage, sensitive data exposure, and security drift more important than ever.

Data Safe helps simplify that work

Data Safe gives DBAs and database security teams a centralized way to assess and monitor supported Oracle Databases. It brings together Security Assessment, User Assessment, Activity Auditing, Reports and Alerts, Sensitive Data Discovery, and Data Masking for non-production environments.

Get Started with Data Safe for On-Premises Databases

For customers with on-premises Oracle databases, Oracle databases on compute instances, and Amazon RDS for Oracle, the following promotion makes it easier to get started. Oracle is waiving Data Safe service charges for these supported database targets through February 28, 2027. Charges for audit record collection that exceed applicable free usage limits continue to apply.

With this promotion, DBAs can establish an initial baseline for critical systems and prioritize remediation based on actual findings. Here is how teams can implement this today:

Start with Security Assessment

A strong database security program starts with a clear baseline. Because on-premises environments may have evolved across different teams and applications, some databases may align with approved configurations while others have drifted. Data Safe gives DBAs a consistent way to help organizations regain visibility and control:

  • Establish a Clear Baseline: Evaluate database settings, user accounts, and security controls against Oracle best practices, CIS Benchmarks, DISA STIG, and EU GDPR.
  • Identify and Prioritize Risk: Consistently identify risky settings, prioritize remediation, establish baselines, and detect configuration drift over time.
  • Manage Fleets at Scale: Use target database groups (organized by application, environment, or sensitivity) and assessment templates to review deviations from selected benchmark or policy requirements across multiple systems.

Security Assessment helps teams answer practical questions: Are databases configured according to approved practices? Which findings need priority review? Which databases have drifted from a known, good baseline?

Understand User Risk

Once configuration risk is visible, the next focus is user risk. In long-running on-premises environments, privileges can easily accumulate as applications change, administrators rotate, and emergency access becomes permanent. Data Safe User Assessment helps identify highly privileged and potentially risky users:

  • Evaluate System Privileges: Identify excessive privileges, shared operational accounts, and highly privileged users based on system privileges and role grants.
  • Uncover Vulnerable Accounts: Surface granular details including user type, authentication method, password policy, password-change history, dormant accounts, and stale passwords.
  • Replace Assumptions with Evidence: Transition away from relying on institutional knowledge by generating actionable data on who has access to what.

Teams can see which accounts need review, which privileges should be validated, and which highly privileged users should be monitored more closely. A high or critical user risk score does not prove misuse. It shows where access should be confirmed, reduced, or audited.

Monitor Activity and Respond Faster

Assessments show where risk may exist, but auditing shows what is happening. Data Safe Activity Auditing helps collect and analyze audit data from target databases so DBAs and security teams can effectively monitor activity and respond to events:

  • Centralize Audit Collection: Review audit activity across production systems, regulated applications, and databases containing sensitive data without checking each system independently.
  • Focus Attention with Alerts: Based on configured audit policies, generate alerts for configured events that require attention.

This helps teams answer practical questions: Were administrative actions tracked? Were failed or unexpected logins detected? Were users, roles, or audit policies changed? Can we produce audit evidence when requested? Together, assessments, auditing, alerts, and reports help DBAs move from ad hoc audit checks to more consistent monitoring, investigation, and evidence collection.

Discover and Mask Sensitive Data

After addressing configuration and user risk, the next question is where sensitive data resides. Sensitive data often spreads beyond the original production database into reporting systems, test environments, and analytics platforms. Data Safe provides the inventory needed for tighter controls:

  • Locate Regulated Information: Use predefined and user-defined sensitive types to discover and classify identifiers, financial, healthcare, and IT data columns across the inventory.
  • Mask Nonproduction Environments: Reduce exposure by replacing actual sensitive values with realistic but fictitious data for developers, testers, and analysts.

Together, Data Discovery and Data Masking help DBAs move from “we think we know where sensitive data is” to evidence-based protection through robust sensitive data models and masking policies.

Built for Hybrid Database Estates

Most organizations manage Oracle databases across multiple environments. These databases may span on-premises, cloud, and hybrid environments—each requiring consistent security controls.

Data Safe centralizes visibility into database security for supported Oracle database targets, helping DBAs assess posture, review user risk, monitor activity, discover and mask sensitive data, manage reports, and support governance.

For on-premises Oracle databases, teams can help improve security in place, gaining better visibility, prioritizing risk, and helping teams produce audit evidence when needed.

Why On-Premises Customers Should Act Now

Oracle’s current Data Safe promotion gives DBAs a timely opportunity to bring supported on-premises Oracle Databases into a centralized security review at no Data Safe service charge through February 28, 2027. Applicable charges for audit record collection above free usage limits may still apply.

Because on-premises databases contain an organization’s most valuable and regulated data, this promotion allows DBAs to start where risk is highest: baselining critical databases, reviewing privileged users, and identifying sensitive data based on actual findings.

A practical implementation could include:

  1. Register critical on-premises Oracle databases with Data Safe.
  2. Group targets by application, environment, sensitivity, or criticality.
  3. Run Security Assessment to establish a baseline and monitor configuration.
  4. Review privileged and high-risk accounts with User Assessment.
  5. Configure Activity Auditing and Alerts for key security events.
  6. Identify and protect sensitive data using Data Discovery and Data Masking.

Improving Database Security for On-Premises Environments

Database security should not depend on where a database is deployed. Whether an Oracle Database runs in the cloud or on-premises, teams need a consistent way to assess configuration risk, review user privileges, monitor activity, protect sensitive data, and respond to security findings.

Data Safe brings these capabilities together in a centralized service, helping teams improve visibility, prioritize risk, and strengthen security across supported Oracle AI Database environments.