By Simon Thorpe on Feb 06, 2009
I recently put together a presentation of how Oracle's security technologies can be combined to offer a complete solution to secure your sensitive data from its storage in the database, through manipulation and presentation in applications and onto the desktop when it resides in documents and emails. Oracle can now, mainly through it's amazing rate of acquisition, deliver a unique set of technologies to the customer. For the purpose of my presentation, security of sensitive information breaks down into three main areas;
- Structured data created and stored in the database
- Unstructured data presented by applications and stored in content repositories
- Unstructured data used in documents and emails
- A centralised, audited view of all activity from all technologies to all secured information
- Identity and access management to centralise control of rights to systems and information
database security is second to none. Since the first release of the database, security has been a core set of features. The name Oracle itself comes from the code-name of a CIA-funded project Ellison had worked on which i'm pretty sure had a heavy focus on security!
The latest release of the database, 11g, has many powerful security features.
- Advanced security provides storage encryption either at the column level or full tablespace encryption as well as the ability to encrypt the network over which database communication occurs and ensuring its integrity.
- Database vault which can prevent highly privileged users (DBAs) from accessing application data and enforcing separation of duty.
- Secure backup provides performant, highly scalable data protection for the Oracle database.
Application/Repository securityBut data only lives in the database, it goes to work in applications. Security needs to be applied as information travels across the network through applications/servers and onto the end user. There are solutions which are part of the Oracle Fusion Applications story which uses an extensive set of Middleware technologies that provide data security in use and can be used across existing (JD Edwards, PeopleSoft, Siebel etc) and customer created (JSF, ADF, C++, .Net) enterprise applications.
Technology in this area is vast but the headline features are;
- Powerful platform for securing and managing access to web applications
- Execution of security policies in real time
- Monitoring of all access-control events
- Often does not require developers to modify applications or services (no programmatic security necessary)
Oracle IRM completes the security of information through its entire lifespan.
- Persistent security controls over the access to sensitive documents and emails no matter where this information is ultimately copied, forwarded or even lost & stolen
- Control does not stop at the firewall, database or application!
- All access to content is audited, providing proof of compliance and a breadcrumb trail to all sensitive information
- Corporate information protection policies can at last be applied in a meaningful manner to ALL information in your business
Oracle's Audit Vault automates the audit collection, monitoring and reporting process, turning audit data into a key security resource for detecting unauthorized activity.
- Simplify compliance reporting
- Detect threats quickly
- Lower IT costs with audit policies
- Transparently collect and consolidate audit data
- Provide a secure and scalable repository
Identity Management suite allows enterprises to manage end-to-end lifecycle of user identities across all enterprise resources both within and beyond the firewall.
- Most Comprehensive, best-in-class solution
- Industry's only hot-pluggable solution for heterogeneous environment
- Proven for sustainable compliance
SummaryThis is a HUGE story to go into at any depth. But the information above gives a relatively high overview on how Oracle, via clever and well planned acquisition, now has the ability to ensure your ability to identify, secure and track information from its creation in the database, thru use in the application to distribution to the desktop, is under your control at all times.