Tuesday Aug 06, 2013

Secure, Subset and Self-Service Database provisioning in Cloud


One-step inline data masking and data subsetting is a very innovative solution in Oracle Enterprise Manager 12c that enables enterprises to provision secure and reduced size test systems directly from the production or standby database without the need for a full production database copy. So you are able to create reduced size copies of production database keeping the referential integrity of data set intact saving on storage costs and more importantly also ensure your sensitive database never creeps into any of your development or test systems in compliance with data privacy policies.

With Oracle Enterprise Manager 12c Release 3 customers have now started adopting this one-step on-the-fly masking and subsetting solution along with Database-as-a-Service(DBaaS) self-service provisioning capabilities and the outcome is one of the most comprehensive and unique solution to realize self-service provisioning of secured, subset copies of production like databases for all of testing and development needs in a private cloud model.




In this blog post I will walk through the steps required to achieve this comprehensive solution for test and development systems provisioning in enterprise private cloud.


1) Prepare source database

One of the ideal option in case customer has physical standby is to convert physical standby into a snapshot standby for one-step data subsetting and masking operation. A snapshot standby receives and archives but does not apply redo from primary until converted back to physical standby. So once you have created subsetted and secure dump from snapshot standby you can convert snapshot standby back to physical standby using Oracle Enterprise Manager. Refer to Oracle Data Guard guide for considerations in using snapshot standby.  In-line data subsetting and masking can also be performed on production database in case there is no physical standby.

2) Perform Inline data subsetting and masking workflow

Here are the steps :

a) Create Application Data Model(ADM)
ADM is a knowledge base entity in Oracle Enterprise Manager that captures application metadata, referential relationships, sensitive columns and is used by both test data management and data masking. There are pre-defined drivers to capture data relationships from application metadata tables for Oracle Applications such as Fusion Apps and eBusiness Suite. Security Administrator requires EM_ALL_OPERATOR privilege to create ADM and Data Masking and Subsetting definition.

b) Create Masking and Subsetting definition

As a best practice, Security Administrator can create masking formats for all regulated information in the enterprise. There are out-of-box Oracle supplied default masking formats also that can be used from format library. Next step is to create masking definition that includes information regarding table columns and the format for each column. You can choose which columns to mask. Data Masking workflow can be referred here.
Next step is to create Data subset definition and use the same ADM and database used in creating the masking definition. In this step you can define the table rules,rule parameters, include 'Ancestor and Descendant tables' or 'Ancestor tables only' option this ensuring referential integrity is maintained. At this step Space estimates can also be reviewed and depending on the result, you can modify or add new rules and review back on space estimates value. Pre/Post subset scripts can also be included in definition.

c) Generate subset using export option

Using the definition subset can be created by writing the subset data to export file. Specify directory where to save the export dump and schedule the subset job. Once the job is complete, the subset Data pump file of production data with sensitive data masked is ready. The overall flow is described here
Some key tips -
- Parallel degree can be used for faster export. Start with twice the number of CPUs and tune from there
- %U and max file size parameter can be used to ensure optimum use of parallelism
- Rule parameter in where clause can be used for actual subset generation with different values
- Column rules can be used to set large-sized columns to null or fix value to reduce database size further

3) Prepare secure test/reference database

Once the Data pump export file is generated it can be imported in a test/staging database . For details refer here.This test database can be used as a reference for all development and testing copies and hosted in Self-Service portal for end users to request from service catalog.

4) Self-Service Portal Setup

Following two options are available to cloud-enable this secure reference database for self-service provisioning of future copies of this database via Oracle Enterprise Manager 12c Database-as-a-Service (DBaaS) solution :

a) Snap Clone option that leverages storage level copy-on-write technologies for cloning and is suited best for functional testing requirements and for short lived databases.With this option you can clone terabytes of data in few minutes and storage saving is enormous with this option. you need to review the supported storage options for this method. As of time of writing the post Netapp and ZFS is supported though there are plans to support more storage options in near future.

b)  RMAN based cloning from backup is one of the favorite option for DBAs. The restore process is completely automated with EM 12c DBaaS and this option is best suited for performance and load testing, development requirements and for databases used for significant updates.
Once you decide on the option, steps to follow are documented in one of my recent blog post around Planning Database as a Service Implementation Project

Refer to Private Cloud Setup and Administration guide here for details on DBaaS Setup and Snap Clone, RMAN Profile options. The secure database prepared in previous step will be used as reference target by SSA Administrator while creating database provisioning profile using RMAN backup or Snapshot option. Please also ensure you have reviewed this MOS Note for DBaaS related patches -
"Enterprise Manager Cloud Control 12c Recommended Plug-Ins and Patches for Database as a Service (DBaaS) (Doc ID 1549855.1)"




5) Self-Service database provisioning in Cloud

End users can now request for secure subset copies of production database via Self-service portal for all kind of functional QA, load and performance testing, development requirements. All the databases provisioned from this approach are also enabled by default with EM 12c powered monitoring and diagnostics, lifecycle and cloud management capabilities.




Solution References

1) Oracle Enterprise Manager 12c Packs
Oracle Test Data Management Pack
Oracle Data Masking Pack
Oracle Database Lifecycle Management Pack
Oracle Database Cloud Management Pack

2) Oracle Enterprise Manager 12c Platform and Plug-ins
Enterprise Manager Cloud Control 12c Release 3 Base Platform (12.1.0.3)
Enterprise Manager for Oracle Database (DB) plug-in 12.1.0.4
Enterprise Manager for Oracle Virtualization (VT) plug-in 12.1.0.5
Enterprise Manager Storage Management Framework (SMF) plug-in 12.1.0.2
Enterprise Manager for Oracle Cloud (SSA) plug-in 12.1.0.6


Additional information

Stay Connected:

Twitter |  Face book |  You Tube |  Linked in |  Newsletter

Tuesday Feb 12, 2013

SquareTwo Financial uses Oracle Data Masking for Compliance and Improves Performance by 96%

Watch as leading financial services firm, SquareTwo Financial, talks about maintaining compliance while increasing IT productivity and performance by replacing in-house data masking with Oracle Data Masking solution.

Stay Connected:
Twitter |
Facebook | YouTube | Linkedin | Newsletter
Download the Oracle Enterprise Manager Cloud Control12c Mobile app

Friday Feb 08, 2013

Gartner Positions Oracle in Leaders Quadrant for Data Masking

Gartner recently announced that Oracle Data Masking Pack, part of Oracle Enterprise Manager’s quality management and Oracle Database Security defense-in-depth solution, has been named a leader in the first Magic Quadrant for Data Masking Technology report.

Oracle Data Masking strengths highlighted in the report include:

  • High performance data masking in Oracle Databases
  • Integration into Oracle Enterprise Manager 12c resulting in easy adoption
  • Availability of pre-built templates for popular packaged systems such as, Oracle E-Business Suite
  • Database security expertise and strong DBMS security portfolio

About Oracle Data Masking
Oracle Data Masking ensures privacy by transforming sensitive data before it is transferred to test, QA, and other non-production environments, addressing regulatory compliance for both Oracle and non-Oracle Databases.


Oracle Data Masking Pack: Production data is cloned and masked before being copied to Test.

Key Features:

  • Application data discovery
  • Centralized extensible format library
  • Comprehensive mask techniques
  • High performance masking with role-based security
  • Optimized for Oracle and non-Oracle databases
  • Integrated with Oracle testing products
  • Integrated with data subsetting

Oracle Data Masking completely replaces sensitive information such as; names, account numbers, SSNs, financial results, purchasing transactions, etc. in your development, test and QA systems with data that cannot be “reverse engineered” to reveal its original source. This allows production data to be safely used for development, testing, or sharing with out-source or off-shore partners for other non-production purposes. The Pack provides extensive search capabilities to scan enterprise databases for sensitive data discovery based on established data patterns and models.

The solution allows masking of all the related data elements automatically while preserving referential relationships combining the sensitive data columns and associated relationships in an Application Data Model. Oracle Data Masking can detect data dependencies, such as foreign key constraints and replaces sensitive information transparently. This ensures that the referential integrity necessary for applications to work and function properly will continue be in place, even on development systems.

Benefits:

  • Administrators will save time and eliminate risk by replacing individual scripts and routines written by DBAs with centrally managed and deployed libraries of masking processes.
  • Provides secure, scalable and automated solution to create test environments from production data using bulk masking.The solution enables faster time-to-market by speeding up the development process while helping organizations comply with privacy regulations and confidentiality policies.
  • Enables rapid DBA productivity through the use of application masking templates.
  • Supports custom data masks that are defined once and can be used every time that set of data needs to be masked.
  • Data security is integrated within the application management lifecycle, meaning that DBAs can provide realistic-masked production data to developers or testing groups for accurate application testing while reducing their storage costs by not having to provision an entire production environment for each developer or project.
  • Oracle Data Masking Pack is built into and installed with Oracle Enterprise Manager 12c.

Data Masking for Security and Compliance
Oracle Data Masking offers a comprehensive and customizable library of masking formats, templates and policies that can be used to replace sensitive information with realistic simulated values—all with just a few mouse clicks. The sensitive data never has to leave the Oracle Database or the production environment. This maintains data security and compliance through privacy and confidentiality polices on shared production data. The solution helps protect against unauthorized access to data that is being shared with off-shore developers, partners or 3rd party vendors.


Oracle Data Masking Pack: Centralized Extensible Format Library.

In addition, Oracle Data Masking allows organizations to enforce compliance with regulatory requirements such as; Sarbanes-Oxley, Payment Card Industry Data Security Standards, Health Insurance Portability and Accountability Act, as well as numerous other laws and regulations that restrict the use of actual customer data.

Oracle Data Masking continues to gain strong adoption, check out the latest customers to see how they are benefiting from the solution:

LEARN MORE:

Stay Connected:
Twitter |
Facebook | YouTube | Linkedin | Newsletter
Download the Oracle Enterprise Manager Cloud Control12c Mobile app

Tuesday Jan 29, 2013

WEBCAST: Protect Your Sensitive and Confidential Data Using Oracle Data Masking Solution

Thursday February 7
10:00 a.m. PST / 1:00 p.m. EST

Join us for a live and interactive webcast on how to comply with regulatory requirements and data protection policies by protecting sensitive data in non-production Oracle Databases as well as non-Oracle databases using Oracle Data Masking Pack, a part of Oracle Enterprise Manager 12c quality management and Oracle Database Security defense-in-depth solution. Topics include:

  • Automatically discovering sensitive data
  • Standard and advanced masking techniques made easy
  • Eliminate the need for a staging database using At-source masking
  • Secure your Oracle Applications (Oracle E-Business Suite, Oracle Fusion Applications) data quickly using masking templates
  • Seamless masking integration with Oracle's data subsetting solution
Register today
Stay Connected:
Twitter |
Facebook | YouTube | Linkedin | Newsletter
Download the Oracle Enterprise Manager Cloud Control12c Mobile app

Wednesday Aug 24, 2011

Overview demo of Oracle Data Masking solution - Safely use production data for development, testing and sharing with partners.

Enterprises run the risk of breaching sensitive information when copying production data into non-production environments for the purposes of application development, testing or data analysis. Oracle Data Masking Pack helps reduce this risk by irreversibly replacing the original sensitive data with fictitious data so that production data can be shared safely with IT developers or offshore business partners.

This demo provides a high level overview demo of the Oracle Data Masking solution and how customers can safely use production data for development, testing and sharing with outsourced or offshore partners.

For more information, please go to Oracle Enterprise manager for Database web page.


About

Latest information and perspectives on Oracle Enterprise Manager.

Related Blogs




Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
3
5
6
7
9
10
11
12
13
14
15
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today