An overview of Zero Trust Security Architecture

Zero trust is an IT security approach to keeping sensitive data safe while staying compliant with new privacy regulations. As the use of cloud services rapidly expands, so does the potential for the credentials of a privileged administrator or application to be compromised or stolen.

Zero trust makes it possible for organizations to regulate access to systems, networks, and data without giving up control. As a result, a growing number of organizations are moving to a zero-trust security model (meaning trusting nobody), so that they can safeguard data with security controls that restrict access to it according to a specific policy.

Zero Trust architecture came from the realization that perimeter security solutions such as edge firewalls are not sufficient to prevent data breaches.

How can Oracle help with Zero Trust Architecture Security?

Oracle offers a wide range of products that can help you back up and restore data. When a system is compromised, it can be restored from a backup that is still secure and valid.

Recommended Defense

Immutable offline backup

  • Best: Zero Data Loss Recovery Appliance
  • Good: Oracle Database Cloud Backup Service
  • Alternate: Offline backup to storage media like magnetic tape

Mitigating factors

Known software vulnerabilities are a common vector

  • Consider using Autonomous Database

Most attacks target the Windows platform

  • Consider running your database on Linux/Unix (Oracle Linux)

Ransomware may not propagate to other data centers

  • Consider having a Data Guard standby in another location/network

No known cases of ransomware infecting Oracle ASM

  • Difficult for automated malware to identify
  • Not technically difficult to destroy, but encrypting a raw file system AND providing a way to decrypt it is not trivial
  • Use ASM!

Recommended Defense

Encrypt your Database

  • Best: Transparent Data Encryption (part of Advanced Security)
    • Oracle Key Vault for key storage and distribution
  • Audit your database

We need to make sure that only valid, genuine users are able to connect to the database, identify dormant accounts, and check that we haven’t granted privileges that don’t make sense in our environment. DBSAT and Data Safe help by pointing out use of things like the SELECT ANY TABLE privilege, or grants of the DBA role.

  • We should also check that database accounts are actually using the privileges we granted.

Privilege Analysis monitors privilege usage and can report on privileges that an account has but does not use. We can then remove those unnecessary privileges, reducing the attack surface presented by those users. Note that Privilege Analysis is only available for Oracle Enterprise Edition Database; it is not present in Oracle Standard Edition Database.
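
The account and privilege checks described above, written as Oracle SQL. This is an added example, not code from Oracle or from the original page. It assumes Oracle Database 12c or later, Enterprise Edition, and an account with the CAPTURE_ADMIN role and access to the DBA_ views; the capture name ZT_PRIV_REVIEW and the 90-day dormancy window are hypothetical choices.

```sql
-- Added example. ZT_PRIV_REVIEW and the 90-day window are assumptions.

-- 1. Dormant accounts: open, not Oracle-maintained, no login in 90 days (or never).
SELECT username, account_status, created, last_login
FROM   dba_users
WHERE  oracle_maintained = 'N'
AND    account_status    = 'OPEN'
AND    (last_login IS NULL OR last_login < SYSTIMESTAMP - INTERVAL '90' DAY)
ORDER  BY last_login NULLS FIRST;

-- 2. Direct grants of SELECT ANY TABLE or the DBA role to ordinary user accounts.
--    Grants inherited through intermediate roles are not expanded here.
SELECT u.username, p.privilege AS granted, p.admin_option
FROM   dba_sys_privs p
JOIN   dba_users u ON u.username = p.grantee
WHERE  p.privilege = 'SELECT ANY TABLE'
AND    u.oracle_maintained = 'N'
UNION ALL
SELECT u.username, r.granted_role, r.admin_option
FROM   dba_role_privs r
JOIN   dba_users u ON u.username = r.grantee
WHERE  r.granted_role = 'DBA'
AND    u.oracle_maintained = 'N';

-- 3. Privilege Analysis: start a database-wide capture of privilege usage.
BEGIN
  DBMS_PRIVILEGE_CAPTURE.CREATE_CAPTURE(
    name        => 'ZT_PRIV_REVIEW',
    description => 'Database-wide capture of used privileges',
    type        => DBMS_PRIVILEGE_CAPTURE.G_DATABASE);
  DBMS_PRIVILEGE_CAPTURE.ENABLE_CAPTURE(name => 'ZT_PRIV_REVIEW');
END;
/

-- Leave the capture running over a representative workload, then stop it
-- and generate the used/unused privilege results.
BEGIN
  DBMS_PRIVILEGE_CAPTURE.DISABLE_CAPTURE(name => 'ZT_PRIV_REVIEW');
  DBMS_PRIVILEGE_CAPTURE.GENERATE_RESULT(name => 'ZT_PRIV_REVIEW');
END;
/

-- 4. System privileges that were granted but never used during the capture:
--    candidates for revocation after review with the application owner.
SELECT username, sys_priv
FROM   dba_unused_sysprivs
WHERE  capture = 'ZT_PRIV_REVIEW'
ORDER  BY username, sys_priv;
```

A capture window that misses periodic jobs (month-end batches, for example) will report their privileges as unused, so review the results before revoking anything.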

Oracle provides industry-leading capabilities for each of these security control objectives.  Our team can help you identify the right technical enforcement for virtually any control objective.

Securing an Oracle Database is much like securing any other system. You are protecting your data – that could be intellectual property, financial data, personal data about your customers or staff, or a combination of all three. Because data is valuable, you need to guard against theft and misuse.