Automation Improves Database Security and Compliance

February 3, 2022 | 5 minute read
Timothy Mooney
Director, Product Marketing
Text Size 100%:

For DBAs, database security and compliance is more critical and more challenging than ever. Here are highlights from a technical webinar by Oracle Product Managers, Martin Peña and Harish Niddagatta on improving your security posture faster and with less work using Oracle Enterprise Manager with Database Lifecycle Management Pack. The Oracle Observability and Management session delivered at Oracle Database World can be found here.


Database patching and compliance challenges

Database Security at Risk Due to Patching and Compliance Challenges

Are you facing any of these challenges?

Martin Pena walks us through a sampling of the challenges he hears from customer administrators. The cause of unpatched systems isn’t just the limited resources available to do the job, it’s often tangled in the next challenge that Martin affectionately calls configuration sprawl.  Configuration sprawl happens when database configurations are made up of hundreds of settings that diverge from their original maintenance lifecycle standard-setting. Even if you have the time and tools, how do you know what configuration you are dealing with to determine which patch to apply and how? How do you manage the configurations on your systems? Homegrown scripts may help, but at what cost to keep the custom scripts working, and how effective are they? In most cases, scripts don’t meet rigorous auditor criteria and companies fail compliance audits which can result in penalties or fines. The bottom line, misconfigurations create security vulnerabilities. It’s a wise decision to take a low-risk approach using Oracle’s latest technology, best practices, and Oracle database automation capabilities.

Lifecycle of Database Management

Automation Helps You Manage More Databases and Keep Them Secure

Oracle’s best practices are to leverage automation to address the security challenges of managing databases in a typical modern environment using Enterprise Manager.  Most IT organizations have a range of database technology deployed. Enterprise Manager supports virtually every option for all workflows from provisioning or cloning, to patching and upgrading, and finally managing configurations and compliance. DBA’s can manage hundreds of databases simultaneously, instead of just a few.

Ops Automation
Using Automation for Database Operations and Security Hardening

Using Automation for Database Operations and Security Hardening 

Automation is key, while a few features can be automated manually, some features are only available or automated at scale by using the Enterprise Manager platform.   Patch and upgrade capabilities, standard command lines, and enhancements for grid infrastructure are available from a new graphical user interface.

In addition to patching automation, there have been updates to the compliance framework, including updated support standards and compliance to Oracle Autonomous Health Framework (which includes functionality of Oracle ORAchk, Oracle EXAchk, and Oracle Trace File Analyzer) and XCCDF for Linux.

Key use cases

  • Workflow with pre-checks and tracking while patching and updating Oracle Databases
  • Workflow for managing and maintaining compliance to industry and Oracle standards
Patch and upgrade at scale
Patrch and upgrade at scale

Patch and Upgrade Databases at Scale

Product Manager Harish takes us deeper, starting with the new graphical interface.  In addition to the CLI and REST APIs already available, the new intuitive dashboard displays where you are in the workflow and has built-in pre-checks to ensure your workflows run smoothly. Staying current with the vast permutations of the Oracle Database, from single instance, to multitenant, and down the line is now a standard. This is a substantial amount of work if you’re thinking about writing your own scripts to support your existing assets and anything new you deploy. As well as performing all the QA and support as well.

Patch recommendations based on MOS

Automatically Use Oracle Patch Recommendations

Human error can occur at every step in the patching and update process. Another way to reduce risk is by leveraging the recommendations from Oracle on My Oracle Support (MOS) automatically.

Gold images management
Patch recommendation and managing using gold image

The Patch Workflow Using a Gold Image

Having standard configurations is a great idea, but what is the best way to implement and maintain them? A gold image model is built into Enterprise Manager and allows you to set up your gold image to best practices and then subscribe the appropriate databases to that gold image. Then, when updates are carried out, the final patched asset meets the standard.

Managing CDB and PDB
Patching and updating Multitenant Databases, both the CDB and PDBs

Patching and Updates for Multitenant Databases

A popular question when automating database processes is support for Oracle Multitenant databases.  Topics covered include patching and updating CDBs and PDBs, both where the administrator is managing the workflow as well as a self-service model where a developer or other user can control a preset policy on their own schedule.

Evaluating compliance against industry and best practices standards
Evaluating compliance against industry and best practices standards

Security Standards Support

This slide from the session displays some of the standards supported by the compliance check system. There are many more, including at the database level.

Getting Started With Database Operations Automation

As you might expect, this service is popular, especially for large and diverse deployments. To get started, use the resources listed.

Timothy Mooney

Director, Product Marketing

Experience across business development, product management, product marketing in computer hardware to cloud services.

Previous Post

Experience Oracle Cloud Infrastructure Application Performance Monitoring with LiveLabs Workshops

Daniela Hansell | 2 min read

Next Post

Geolocation enrichment for securing Private IP addresses

Sachin Mirajkar | 4 min read