Thursday Jul 17, 2014

What's the Difference Between Oracle Transparent Data Encryption, Data Masking and Data Redaction?

Oracle database security solutions provide three means of making data at rest unreadable. We sometimes get questions about their differences.

Oracle Advanced Security 

Transparent Data Encryption (TDE), a capability of Oracle Advanced Security, is transparent to applications and users by encrypting data within the Oracle Database on disk, without any changes to existing applications. TDE is available as a part of the Oracle Database, so if you have Oracle, you have Oracle Advanced Security and would simply require a license to activate.

When would you use TDE? 

TDE stops would-be attackers from bypassing the database and reading sensitive information from storage by enforcing data-at-rest encryption in the database layer. Applications and users authenticated to the database continue to have access to application data transparently (no application code or configuration changes are required), while attacks from OS users attempting to read sensitive data from tablespace files and attacks from thieves attempting to read information from acquired disks or backups are denied access to the clear text data.

Data Redaction, also a capability of Oracle Advanced Security, provides selective, on-the-fly redaction of sensitive data in SQL query results prior to display by applications so that unauthorized users cannot view the sensitive data. It enables consistent redaction of database columns across application modules accessing the same database information. Data Redaction minimizes changes to applications because it does not alter actual data in internal database buffers, caches, or storage, and it preserves the original data type and formatting when transformed data is returned to the application. 

When would you use data redaction? 

Existing applications often return sensitive data to call center and support staff employees, or even customers that include date of birth, social security numbers, and more.  Traditionally, organizations would have to access and change application source code in order to redact sensitive data. This can be error-prone, laborious, and performance-heavy. Data redaction mitigates this risk and helps organizations comply with compliance requirements, such as PCI DSS, by masking displayed data within applications.

Learn more about transparent data encryption and data redaction. 

Oracle Data Masking and Subsetting

Data Masking enables sensitive information such as credit card or social security numbers to be replaced with realistic values, allowing production data to be safely used for development, testing, or sharing with out-sourcing partners or off-shore teams for other nonproduction purposes..  

When would you use data masking?  

Data masking is used for nonproduction environments for quality assurance, testing, and development purposes. Many organizations inadvertently breach information when they routinely copy sensitive and regulated production data into nonproduction environments. Data in nonproduction environments, which can be lost or stolen, has increasingly become the target of cyber criminals. Data masking helps organizations reduce this risk and comply with compliance requirements.

Learn more about data masking. 

Tuesday Aug 13, 2013

Data Redaction: New for Oracle Database 12c

New to Oracle Advanced Security, Data Redaction provides selective, on-the-fly redaction of sensitive data in SQL query results prior to application display so that unauthorized users cannot view the sensitive data. It enables consistent redaction of database columns across application modules accessing the same database information. Data Redaction minimizes changes to applications because it does not alter actual data in internal database buffers, caches, or storage, and it preserves the original data type and formatting when transformed data is returned to the application. Data Redaction has no impact on database operational activities such as backup and restore, upgrade and patch, and high availability clusters.

Unlike historical approaches that relied on application coding and new software components, Data Redaction policies are enforced directly in the database kernel. Declarative policies can apply different data transformations such as partial, random, and full redaction. Redaction can be conditional, based on different factors that are tracked by the database or passed to the database by applications such as user identifiers, application identifiers, or client IP addresses. A redaction format library provides pre-configured column templates to choose from for common types of sensitive information such as credit card numbers and national identification numbers. Once enabled, polices are enforced immediately, even for active sessions

For more information on data redaction:

Thursday May 02, 2013

Demo of Oracle Data Masking Using Enterprise Manager 12c

Data masking, also known as data scrambling or data anonymization, is the process of obscuring sensitive information copied from a production database to a test or non-production database. Data masking is ideal for confidential or regulated data that needs to be shared with non-production users who require access to the original data, but not true data.

Watch this demo to see how the Oracle E-Business Suite Template for the Data Masking Pack, when applied with the Oracle Enterprise Manager 12c Cloud Control Data Masking tool, scrambles sensitive data in a copy of the production system.

Thursday Mar 21, 2013

Security Inside Out Newsletter Available - Subscribe Now!

The latest edition of Security Inside Out newsletter is now available. If you don't get this bi-monthly security newsletter in your inbox, then please subscribe. The latest news includes:

Q&A: Ontario Commissioner and Leading Privacy Expert Dr. Ann Cavoukian

Dr. Ann Cavoukian is both Ontario's information and privacy commissioner and one of the leading privacy experts in the world. In January, Dr. Cavoukian and Oracle released a new white paper covering the convergence of privacy and security. 

Read More

Oracle Named a Leader in Gartner Magic Quadrant for Data Masking Technology

Gartner, Inc. has named Oracle as a leader in its “Magic Quadrant for Data Masking Technology,” published in December 2012.

Read More

Virgin Media Relies on Oracle Identity Management to Secure Wi-Fi Service in the London Underground

Leading up to the 2012 Olympics, Virgin Media was entrusted with a massive undertaking—to quickly and securely provide London's Underground stations with Wi-Fi service. The company turned to two Oracle Identity Management solutions—Oracle Virtual Directory and Oracle Entitlements Server—to successfully deliver.

Read More

Thursday Feb 14, 2013

Gartner Positions Oracle in Leaders Quadrant for Data Masking

Gartner, Inc. has named Oracle as a Leader in its first “Magic Quadrant for Data Masking Technology(1). Gartner’s Magic Quadrant reports position vendors within a particular quadrant based on their completeness of vision and ability to execute.

According to Gartner, “Adopting data masking helps enterprises raise the level of security and privacy assurance against abuses. At the same time, data masking helps enterprises meet compliance requirements with the security and privacy standards recommended by regulating/auditing authorities.”

Gartner continued, “…we expect a relatively high speed of technology maturity for data masking. By 2016, the static data masking [SDM] market will reach the Plateau of Productivity in Gartner's Hype Cycle, with approximately 50% of the target audience adopting it.”

“With more structured and unstructured data in enterprise databases, companies need simple and consistent tools to comply with data privacy regulations and mask sensitive data during application development, testing or data analysis,” said Vipin Samar, Vice President of Database Security Product Development, Oracle. “Oracle is the world’s #1 database provider, integrating best-in-class hardware and software to deliver extreme performance and ensure robust database security for our customers.”

Oracle Data Masking Pack is a component of Oracle Enterprise Manager and part of the Oracle Database Security defense-in-depth solution. Get the Gartner Magic Quadrant for Data Masking Technology here.

(1) Gartner, Inc., “Magic Quadrant for Data Masking Technology,” by Joseph Feiman, Carsten Casper, December 20, 2012

Wednesday Jan 23, 2013

SquareTwo Enables Development Efficiency, Compliance with Oracle

SquareTwo Financial, a leader in the $100 billion asset recovery and management industry, enables fast growth and regulatory compliance with Oracle Database Security defense-in-depth solutions. Hear J-T Gaietto, manager of information security, discuss how they use Oracle Database Firewall, Oracle Data Masking, and Oracle Advanced Security to enable fast growth and comply with regulatory mandates. 

SquareTwo Financial Enables Development Efficiency and Compliance with Oracle Database Security

Watch the video.

Challenges

  • Comply with a number of regulations: GLBA, HIPAA HITECH, SOX, and PCI DSS
  • Prove separation of duties for Sarbanes-Oxley Act compliance
  • Quickly scale IT security to address fast 37% company growth
  • Minimal disruption to 5.9 million accounts while maintaining growth
  • Secure heterogeneous database environment, with no application changes

Solution

  • Address compliance with database firewall, transparent data encryption,
    data masking for a comprehensive database security defense-in-depth strategy
  • Database activity monitoring to protect against insider and external threats,
    including SQL injection attacks
  • Secure Oracle Exadata and Microsoft SQL Server database activity, with
    no application changes 

 Listen to the podcast for more details.

Wednesday Aug 29, 2012

Why Cornell University Chose Oracle Data Masking

One of the eight Ivy League schools, Cornell University found itself in the unfortunate position of having to inform over 45,000 University community members that their personal information had been breached when a laptop was stolen. To ensure this wouldn’t happen again, Cornell took steps to ensure that data used for non-production purposes is de-identified with Oracle Data Masking.

A recent podcast highlights why organizations like Cornell are choosing Oracle Data Masking to irreversibly de-identify production data for use in non-production environments. Organizations often copy production data, that contains sensitive information, into non-production environments so they can test applications and systems using “real world” information. Data in non-production has increasingly become a target of cyber criminals and can be lost or stolen due to weak security controls and unmonitored access. Similar to production environments, data breaches in non-production environments can cost millions of dollars to remediate and cause irreparable harm to reputation and brand.

Cornell’s applications and databases help carry out the administrative and academic mission of the university. They are running Oracle PeopleSoft Campus Solutions that include highly sensitive faculty, student, alumni, and prospective student data. This data is supported and accessed by a diverse set of developers and functional staff distributed across the university.

Several years ago, Cornell experienced a data breach when an employee’s laptop was stolen.  Centrally stored backup information indicated there was sensitive data on the laptop. With no way of knowing what the criminal intended, the university had to spend significant resources reviewing data, setting up service centers to handle constituent concerns, and provide free credit checks and identity theft protection services—all of which cost money and took time away from other projects.

To avoid this issue in the future Cornell came up with several options; one of which was to sanitize the testing and training environments.

“The project management team was brought in and they developed a project plan and implementation schedule; part of which was to evaluate competing products in the market-space and figure out which one would work best for us.  In the end we chose Oracle’s solution based on its architecture and its functionality.” – Tony Damiani, Database Administration and Business Intelligence, Cornell University

The key goals of the project were to mask the elements that were identifiable as sensitive in a consistent and efficient manner, but still support all the previous activities in the non-production environments. Tony concludes, 

“What we saw was a very minimal impact on performance. The masking process added an additional three hours to our refresh window, but it was well worth that time to secure the environment and remove the sensitive data. I think some other key points you can keep in mind here is that there was zero impact on the production environment. Oracle Data Masking works in non-production environments only. Additionally, the risk of exposure has been significantly reduced and the impact to business was minimal.”

With Oracle Data Masking organizations like Cornell can:

  • Make application data securely available in non-production environments
  • Prevent application developers and testers from seeing production data
  • Use an extensible template library and policies for data masking automation
  • Gain the benefits of referential integrity so that applications continue to work

Listen to the podcast to hear the complete interview. 

Learn more about Oracle Data Masking by registering to watch this SANS Institute Webcast and view this short demo.

Tuesday May 29, 2012

Data Masking for Oracle E-Business Suite

E-Business Suite customers can now use Oracle Data Masking to obscure sensitive information in non-production environments. Many organizations are inadvertently exposed when copying sensitive or regulated production data into non-production database environments for development, quality assurance or outsourcing purposes. Due to weak security controls and unmonitored access, these non-production environments have increasingly become the target of cyber criminals. Learn more about the announcement here.

Tuesday Mar 06, 2012

Protecting Life-Saving Patient and Donor Data

With more than 9 million donors as part of its Be the Match registry, the National Marrow Donor Program (NMDP) collects and manages a large amount of sensitive medical information. This data has helped enable more than 43,000 marrow and umbilical cord blood transplants for patients suffering from diseases such as lymphoma and leukemia. As the director of IT infrastructure for NMDP, Kyle Nelson understands the importance of both patient and donor information and the systems that protect this data. “Arguably our most-critical technologies are the Oracle databases and comprehensive database defense-in-depth security solutions that store and protect the sensitive information of critical marrow and cord blood patients and donors,” says Nelson. 

NMDP Discusses Oracle Database Security Solutions

National Marrow Donor Program: Oracle Database Security Defense in Depth
Hear how the National Marrow Donor Program protects life-saving patient and donor data with Oracle Database Security defense-in-depth solutions including Oracle Advanced Security, Oracle Database Vault and Oracle Data Masking.

Every year, thousands of patients with life-threatening diseases such as leukemia, lymphoma, and sickle cell disease need a marrow or cord blood transplant, but don’t have a match in their family. Learn how you can help.

Wednesday Jul 06, 2011

Oracle Data Masking: Irreversibly De-Identify Sensitive Data For Non-Production Use

Check out the new Oracle Data Masking Flash Overview.

Many organizations inadvertently breach information when they routinely copy sensitive or regulated production data into non-production environments. Data in non-production environments has increasingly become the target of cyber criminals and can be lost or stolen due to weak security controls and unmonitored access. Just like data breaches in production environments, data breaches in non-production environments can cost millions of dollars to remediate and cause irreparable harm to reputation and brand.

With Oracle Data Masking Pack, sensitive and valuable information such as credit card and social security numbers can be replaced with realistic values. This allows production data to be safely used for development, testing, and sharing with out-source or off-shore partners, or other non-production purposes.

About

Who are we?

Follow us on

  • TwitterFacebookLinkedIn

Search

Archives
« April 2015
SunMonTueWedThuFriSat
   
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
  
       
Today