Complete security from database to desktop

I recently put together a presentation of how Oracle's security technologies can be combined to offer a complete solution to secure your sensitive data from its storage in the database, through manipulation and presentation in applications and onto the desktop when it resides in documents and emails. Oracle can now, mainly through it's amazing rate of acquisition, deliver a unique set of technologies to the customer. For the purpose of my presentation, security of sensitive information breaks down into three main areas;

  • Structured data created and stored in the database
  • Unstructured data presented by applications and stored in content repositories
  • Unstructured data used in documents and emails
Then to complete the security story at the enterprise level you need;
  • A centralised, audited view of all activity from all technologies to all secured information
  • Identity and access management to centralise control of rights to systems and information
My presentation discussed these areas at a high level, identifying specific products Oracle has which can all be used to provide the most complete security solution across your organization.

Database security

Oracle's database security is second to none. Since the first release of the database, security has been a core set of features. The name Oracle itself comes from the code-name of a CIA-funded project Ellison had worked on which i'm pretty sure had a heavy focus on security!
Database security

The latest release of the database, 11g, has many powerful security features.
  • Advanced security provides storage encryption either at the column level or full tablespace encryption as well as the ability to encrypt the network over which database communication occurs and ensuring its integrity.
  • Database vault which can prevent highly privileged users (DBAs) from accessing application data and enforcing separation of duty.
  • Secure backup provides performant, highly scalable data protection for the Oracle database.
And much, much, much more, but basically the story here is when it comes to database security, Oracle is your first choice.

Application/Repository security

But data only lives in the database, it goes to work in applications. Security needs to be applied as information travels across the network through applications/servers and onto the end user. There are solutions which are part of the Oracle Fusion Applications story which uses an extensive set of Middleware technologies that provide data security in use and can be used across existing (JD Edwards, PeopleSoft, Siebel etc) and customer created (JSF, ADF, C++, .Net) enterprise applications.
Application security Technology in this area is vast but the headline features are;
  • Powerful platform for securing and managing access to web applications
  • Execution of security policies in real time
  • Monitoring of all access-control events
  • Often does not require developers to modify applications or services (no programmatic security necessary)

Content security

Ultimately data ends up in some sort of structured format, a Word document, an email or a spreadsheet. Oracle continues its story of security into this area with Oracle IRM. Information that resided securely in the database, that was queried by a secure application and presented to the user can now be available in an encrypted document which you have complete and persistent control over.
Oracle IRM content security

Oracle IRM completes the security of information through its entire lifespan.
  • Persistent security controls over the access to sensitive documents and emails no matter where this information is ultimately copied, forwarded or even lost & stolen
  • Control does not stop at the firewall, database or application!
  • All access to content is audited, providing proof of compliance and a breadcrumb trail to all sensitive information
  • Corporate information protection policies can at last be applied in a meaningful manner to ALL information in your business

Complete auditing

Because there are so many different technologies that provide this complete security story, you need to have centralised services to give the enterprise the ability to view what is going on.
Audit security
Oracle's Audit Vault automates the audit collection, monitoring and reporting process, turning audit data into a key security resource for detecting unauthorized activity.
  • Simplify compliance reporting
  • Detect threats quickly
  • Lower IT costs with audit policies
  • Transparently collect and consolidate audit data
  • Provide a secure and scalable repository
Oracle's Governance, Risk, and Compliance Manager also allows the business to monitor business process risk and control performance across the enterprise, automatically highlighting areas of control weakness, and initiating corrective actions with automated loss and investigations management.

Complete identity management

Finally as data is secured from database to desktop and you implement auditing to have visibility of the entire system, you need to be able to deploy solutions that allow you to manage the users, groups and policies that have access to all this sensitive data. Oracle's Identity Management suite allows enterprises to manage end-to-end lifecycle of user identities across all enterprise resources both within and beyond the firewall.
Identity Management
  • Most Comprehensive, best-in-class solution
  • Industry's only hot-pluggable solution for heterogeneous environment
  • Proven for sustainable compliance


This is a HUGE story to go into at any depth. But the information above gives a relatively high overview on how Oracle, via clever and well planned acquisition, now has the ability to ensure your ability to identify, secure and track information from its creation in the database, thru use in the application to distribution to the desktop, is under your control at all times.



Post a Comment:
  • HTML Syntax: NOT allowed

Oracle IRM protects and tracks your sensitive information no matter where it goes. It combines business friendly encryption with role based usage rights and auditing.

11g quick guide


« August 2016