Thursday May 12, 2016

How Spain Protects 400 Million Citizen Records

Ministry of Justice of Spain (Ministerio de Justicia de España) is the public entity responsible for preparing, managing, and executing Spanish government justice system policy. It oversees the consistent execution of national laws across the country’s 23 provincial offices, while coordinating funding and procurement for tribunals, magistrate courts, and prosecutor’s offices. The organization is responsible for managing all staff - including lawyers, court officers, clerks and other administrative personnel - involved in the justice system. 

“We selected Oracle because we know its solutions work flawlessly. Oracle solutions are an investment in peace of mind and security,” said Jose Luis Hernández Carrión, Deputy Director of New Technologies for Justice.

Spain’s Ministry of Justice allocates resources based on different jurisdictional needs, which fluctuate based on crime rates, type and seasonality. The organization’s IT department provides support to the central registry, a number of other provincial offices nationwide, collecting data from all jurisdictions, archiving it and providing decision-makers with the tools needed to analyze resource allocation and program efficiency


  • Ensure compliance with data privacy laws by protecting citizens’ personal data
  • Control and monitor access to data, restricting it to authorized users and mitigating the risk of data leaks
  • Enable real-time backup of geographically disperse databases to reduce downtime, improve recovery time, and reduce costs


  • Comply with data privacy laws by using Oracle Advanced Security to encrypt more than 400 million pieces of citizens’ personal information
  • Establish an access control and monitoring system, isolating user functions to enable only authorized users to access or modify data, logging all accesses to mitigate the risk of data leaks and ensure accountability
  • Secure data in development and test environments with Oracle Data Masking and Subsetting Pack, enabling the ministry to develop and test new applications without compromising sensitive datareducing overall masking time from a week to a few hours
  • Use Oracle Active Data Guard to centralize more than 20 geographically dispersed standby databases, reducing costs 8x by executing 8 backups simultaneously on a single machine
  • Enable real-time backups with Oracle Active Data Guard, eliminating downtime and reducing data recovery window from 48 hours or more to 2 hours—improving the ministry’s productivity and enabling forms and data to remain available to citizens 

Why Oracle?

Oracle Advanced Security, Oracle Data Masking and Subsetting Pack, and Oracle Active Data Guard seamlessly integrated with the ministry’s Oracle Database.

“We selected Oracle because we know its solutions work flawlessly. Oracle solutions are an investment in peace of mind and security,” said Jose Luis Hernández Carrión, Deputy Director of New Technologies for Justice.

Success story here 

Thursday Jan 07, 2016

Cloud Prediction #2: Security as an Enabler

Check out Oracle's eleven critical predictions as we head into 2016 and you'll find security will move from a barrier to cloud adoption to one of its main benefits.

“Today, the #1 reason organizations are not moving to the cloud is security. However, tomorrow, security will be one of the most important drivers to move to the cloud,” said Oracle CIO Mark Sunday. 

Security should be an enabler for organizations to move to the cloud. A company like Oracle has both the logical and physical security resources and knowledge that many organizations cannot match. Oracle's cloud is a very secure cloud that provides our customers trust that their applications run securely so they can focus on innovation.  

Brakes on a car enable you to go faster. Without brakes, you must go slowly and you can’t drive down hills. It’s very limiting. The cloud is a business enabler and security must be necessary and sufficient so that organizations can move fast as well as safe. 

“Cloud vendors like Oracle that have a comprehensive and integrated defense of layered security controls are what can turn security from an inhibitor to an enabler of enterprise cloud deployments,” Sunday concludes.

Read his prediction and the ten others here.  

Thursday Sep 24, 2015

Encryption is the Easy Part; Managing those Keys is Difficult

Security threats and increased regulation of personally identifiable information, payment card data, healthcare records, and other sensitive information have expanded the use of encryption in the data center and cloud. As a result, management of encryption keys, certificates, wallets, and other secrets has become a vital part of an organization’s ecosystem, impacting both security and business continuity. Join this ISACA and Oracle webcast as we examine the challenges with encryption, on premise and in cloud, and how key management best practices can help facilitate the secure deployment of encryption across the enterprise. Challenges we’ll address include:
  •     Managing encryption keys, Oracle Wallets, Java Keystores and Credential files across the enterprise
  •     Securely sharing keys across authorized endpoints
  •     Auditing key access controls and key lifecycle changes
  •     Detailed management reports

ISACA Members Earn Free CPE

Special Guest

Note, we'll have special guest Saikat Saha who has specialized in the area of data encryption and key management. Saikat currently works as product manager in the Oracle Database security team. He also serves as co-chair of the OASIS KMIP (Key Management Interoperability Protocol) industry standard technical committee. He has launched multiple successful security products in the market related to data encryption, application encryption and key management over last decade. Saikat holds a B.E from National Institute of Technology, Durgapur, India and an MBA from Leavey School of Business, Santa Clara University.

When and Where?

Date:  Thursday, 8 October 2015
Time:  12PM (EDT) / 11AM (CDT) / 9:00 (PDT)

Register Now

Tuesday Jan 13, 2015

34% of Organizations Say Data Breach “Somewhat likely” to “Inevitable” in 2015

According to the latest Independent Oracle Users Group (IOUG) Enterprise Data Security Survey, one third of organizations say that a data breach is "somewhat likely" to "inevitable" in the next 12 months, up from 20% in 2008. Are organizations coming to the realization that data breaches will happen? 

2014 IOUG Data Security Survey Likelihood of a Data Breach

Each year, the IOUG surveys a wide range of database security and IT professionals responsible for security, and examines the current state of enterprise data security. They summarize the 2014 findings of 353 data managers and professionals in order to help educate organizations about data security.

The likelihood of a data breach has grown over the years since they first began asking this question, and is similar to other surveys of this ilk. According to the Ponemon 2014 Cost of a Data Breach Study, we see as much as 30% probability.

According to another Ponemon study "Data Breach: The Cloud Multiplier Effect," those surveyed estimate that every one percent increase in the use of cloud services will result in a 3 percent higher probability of a data breach.

When looking at history, survey respondents of the IOUG report say that they often have no idea whether a breach has occurred--or worse--is occurring:

"We cannot be certain there has been no silent breach. There is no evidence we have detected a breach or corruption. But picturing yourself as highly unlikely to be breached we feel is like wearing a ‘kick-me’ sign on your backside."

2014 IOUG Data Security Survey Known Data Breaches

To learn more, download the 2014 IOUG Data Security Survey Report here

Friday Sep 12, 2014

New KuppingerCole Report on Audit Vault and Database Firewall

KuppingerCole analyst Rob Newby recently (August 2014) put together an executive review of the award-winning Oracle Audit Vault and Database Firewall that you can pick up here for a fee. The paper (4 pages on AVDF, 7 total) goes into a description of the solution and how it works from both the Audit Vault, and Database Firewall perspectives. It further covers reporting and alerting, as well as integration with other Oracle products, summarizing with strengths and challenges.

Happy weekend reading.

Wednesday Sep 10, 2014

SANS Webcast: Simplifying Data Encryption and Redaction Without Touching the Code

SANS Analyst and Instructor and well known security expert, Dave Shackleford, will be doing a review of Oracle Advanced Security on September 16, 12:00 p.m. ET/ 3:00 p.m. ET

Register now for the webcast "Simplifying Data Encryption and Redaction Without Touching the Code" 

The need for organizations to protect sensitive information has never been more paramount. The risks of data breaches and sensitive data exposures are driving organizations to look for solutions, as an increasing amount of data is being stored and processed outside the perimeter, in cloud applications and service environments. Organizations must protect this sensitive data at its heart, in the databases. In this webcast, we discuss a recent review by SANS Analyst and Instructor Dave Shackleford of Oracle Advanced Security for Oracle Database 12c and its encryption and redaction capabilities.

Register for the webcast and be among the first to receive an advance copy of a SANS whitepaper discussing the Analyst Program's review of Oracle Advanced Security.

Thursday Jul 17, 2014

What's the Difference Between Oracle Transparent Data Encryption, Data Masking and Data Redaction?

Oracle database security solutions provide three means of making data at rest unreadable. We sometimes get questions about their differences.

Oracle Advanced Security 

Transparent Data Encryption (TDE), a capability of Oracle Advanced Security, is transparent to applications and users by encrypting data within the Oracle Database on disk, without any changes to existing applications. TDE is available as a part of the Oracle Database, so if you have Oracle, you have Oracle Advanced Security and would simply require a license to activate.

When would you use TDE? 

TDE stops would-be attackers from bypassing the database and reading sensitive information from storage by enforcing data-at-rest encryption in the database layer. Applications and users authenticated to the database continue to have access to application data transparently (no application code or configuration changes are required), while attacks from OS users attempting to read sensitive data from tablespace files and attacks from thieves attempting to read information from acquired disks or backups are denied access to the clear text data.

Data Redaction, also a capability of Oracle Advanced Security, provides selective, on-the-fly redaction of sensitive data in SQL query results prior to display by applications so that unauthorized users cannot view the sensitive data. It enables consistent redaction of database columns across application modules accessing the same database information. Data Redaction minimizes changes to applications because it does not alter actual data in internal database buffers, caches, or storage, and it preserves the original data type and formatting when transformed data is returned to the application. 

When would you use data redaction? 

Existing applications often return sensitive data to call center and support staff employees, or even customers that include date of birth, social security numbers, and more.  Traditionally, organizations would have to access and change application source code in order to redact sensitive data. This can be error-prone, laborious, and performance-heavy. Data redaction mitigates this risk and helps organizations comply with compliance requirements, such as PCI DSS, by masking displayed data within applications.

Learn more about transparent data encryption and data redaction. 

Oracle Data Masking and Subsetting

Data Masking enables sensitive information such as credit card or social security numbers to be replaced with realistic values, allowing production data to be safely used for development, testing, or sharing with out-sourcing partners or off-shore teams for other nonproduction purposes..  

When would you use data masking?  

Data masking is used for nonproduction environments for quality assurance, testing, and development purposes. Many organizations inadvertently breach information when they routinely copy sensitive and regulated production data into nonproduction environments. Data in nonproduction environments, which can be lost or stolen, has increasingly become the target of cyber criminals. Data masking helps organizations reduce this risk and comply with compliance requirements.

Learn more about data masking. 

Friday Jun 06, 2014

Payback Is The Coupon King

PAYBACK GmbH operates the largest marketing and couponing platforms in the world—with more than 50 million subscribers in Germany, Poland, India, Italy, and Mexico. 

The Security Challenge

Payback handles millions of requests for customer loyalty coupons and card-related transactions per day under tight latency constraints—with up to 1,000 attributes or more for each PAYBACK subscriber. Among the many challenges they solved using Oracle, they had to ensure that storage of sensitive data complied with the company’s stringent privacy standards aimed at protecting customer and purchase information from unintended disclosure.

Oracle Advanced Security

The company deployed Oracle Advanced Security to achieve reliable, cost-effective data protection for back-up files and gain the ability to transparently encrypt data transfers.

By using Oracle Advanced Security, organizations can comply with privacy and regulatory mandates that require encrypting and redacting (display masking) application data, such as credit cards, social security numbers, or personally identifiable information (PII).

Learn more about how PAYBACK uses Oracle.

Thursday Feb 20, 2014

New Blog Focused on Oracle Advanced Security

I wanted to let folks know that Todd Bottger, Oracle's product manager for ASO, has a new blog on Oracle Advanced Security. He'll be taking the conversation a lot more technical, so go subscribe to learn more.

Sunday Feb 09, 2014

Oracle Data Redaction Article in Oracle Magazine

Another nice article on Oracle Data Redaction (part of Oracle Advanced Security). This one by Arup Nanda, Oracle ACE Director. Hide from Prying Eyes is found in the latest edition of Oracle Magazine. 

Wednesday Feb 05, 2014

Nice Article on Oracle Data Redaction

Gavin Soorma provides a nice article on the new Data Redaction feature in Oracle Database 12c (and backported to 11g R2). Very nice blog-demo, complete with explanations and screenshots.

Wednesday Oct 02, 2013

Security in Oracle Database 12c Gives Reason for Customers to Upgrade

The latest edition of Oracle Magazine, headlined with Plug into the Cloud, gives many reasons for customers to upgrade to the latest release of Oracle Database 12c

In the article Time to Upgrade, Michelle Malcher, President of the Independent Oracle Users Group (IOUG) and Oracle ACE Director, says "Oracle Database 12c is packed with several new and enhanced security features. A great new security feature is privilege analysis, which allows DBAs to get to the bottom of what permissions are really needed and used. How much time is that going to save in audit reports and managing the security for least privilege?"

To prepare for the latest edition of Oracle Database, Malcher had an opportunity sit down and beta test the latest features with others. During this time, we captured some of her comments, along with other beta testers, about another new feature: data redaction (see below video).

She goes on to say "Redaction is another security features that is easy to implement and probably will save a lot of time previously spent having to mask data in different environments or code solutions to hide private data and information. Setting up a comprehensive redaction policy for users, applications, and environments can further protect sensitive data.

Learn more about the new security features in the latest release of Oracle Database 12c.

Wednesday Sep 11, 2013

Shedding a Light on Security

Organizations worldwide are scrambling to secure sensitive information in response to regulatory pressure for protecting data privacy and integrity, as well as protect from increasingly sophisticated attacks targeting this data. Encrypting data in applications, however, requires costly and complex code changes, often with disastrous performance consequences. Fortunately these pitfalls can be avoided. Check out this video on data redaction and register to receive the latest information on this new technology in Oracle Database 12c. 

Also, learn more about data redaction here

Tuesday Aug 13, 2013

Data Redaction: New for Oracle Database 12c

New to Oracle Advanced Security, Data Redaction provides selective, on-the-fly redaction of sensitive data in SQL query results prior to application display so that unauthorized users cannot view the sensitive data. It enables consistent redaction of database columns across application modules accessing the same database information. Data Redaction minimizes changes to applications because it does not alter actual data in internal database buffers, caches, or storage, and it preserves the original data type and formatting when transformed data is returned to the application. Data Redaction has no impact on database operational activities such as backup and restore, upgrade and patch, and high availability clusters.

Unlike historical approaches that relied on application coding and new software components, Data Redaction policies are enforced directly in the database kernel. Declarative policies can apply different data transformations such as partial, random, and full redaction. Redaction can be conditional, based on different factors that are tracked by the database or passed to the database by applications such as user identifiers, application identifiers, or client IP addresses. A redaction format library provides pre-configured column templates to choose from for common types of sensitive information such as credit card numbers and national identification numbers. Once enabled, polices are enforced immediately, even for active sessions

For more information on data redaction:

Thursday Dec 06, 2012

Columbia University Secures PeopleSoft Financials with Oracle's Transparent Data Encryption

Columbia University, the oldest institution of higher learning in New York, protects sensitive data in Oracle's PeopleSoft Financials using Oracle Advanced Security with transparent data encryption. Hear, Nick Caragiulo, manager of database administration, discuss how Columbia helps address internal and regulatory requirements for encryption of data at rest and in motion.


Who are we?

Follow us on

  • TwitterFacebookLinkedIn


« June 2016