Wednesday Sep 10, 2014

SANS Webcast: Simplifying Data Encryption and Redaction Without Touching the Code

SANS Analyst and Instructor and well known security expert, Dave Shackleford, will be doing a review of Oracle Advanced Security on September 16, 12:00 p.m. ET/ 3:00 p.m. ET

Register now for the webcast "Simplifying Data Encryption and Redaction Without Touching the Code" 

The need for organizations to protect sensitive information has never been more paramount. The risks of data breaches and sensitive data exposures are driving organizations to look for solutions, as an increasing amount of data is being stored and processed outside the perimeter, in cloud applications and service environments. Organizations must protect this sensitive data at its heart, in the databases. In this webcast, we discuss a recent review by SANS Analyst and Instructor Dave Shackleford of Oracle Advanced Security for Oracle Database 12c and its encryption and redaction capabilities.

Register for the webcast and be among the first to receive an advance copy of a SANS whitepaper discussing the Analyst Program's review of Oracle Advanced Security.

Thursday Jul 17, 2014

What's the Difference Between Oracle Transparent Data Encryption, Data Masking and Data Redaction?

Oracle database security solutions provide three means of making data at rest unreadable. We sometimes get questions about their differences.

Oracle Advanced Security 

Transparent Data Encryption (TDE), a capability of Oracle Advanced Security, is transparent to applications and users by encrypting data within the Oracle Database on disk, without any changes to existing applications. TDE is available as a part of the Oracle Database, so if you have Oracle, you have Oracle Advanced Security and would simply require a license to activate.

When would you use TDE? 

TDE stops would-be attackers from bypassing the database and reading sensitive information from storage by enforcing data-at-rest encryption in the database layer. Applications and users authenticated to the database continue to have access to application data transparently (no application code or configuration changes are required), while attacks from OS users attempting to read sensitive data from tablespace files and attacks from thieves attempting to read information from acquired disks or backups are denied access to the clear text data.

Data Redaction, also a capability of Oracle Advanced Security, provides selective, on-the-fly redaction of sensitive data in SQL query results prior to display by applications so that unauthorized users cannot view the sensitive data. It enables consistent redaction of database columns across application modules accessing the same database information. Data Redaction minimizes changes to applications because it does not alter actual data in internal database buffers, caches, or storage, and it preserves the original data type and formatting when transformed data is returned to the application. 

When would you use data redaction? 

Existing applications often return sensitive data to call center and support staff employees, or even customers that include date of birth, social security numbers, and more.  Traditionally, organizations would have to access and change application source code in order to redact sensitive data. This can be error-prone, laborious, and performance-heavy. Data redaction mitigates this risk and helps organizations comply with compliance requirements, such as PCI DSS, by masking displayed data within applications.

Learn more about transparent data encryption and data redaction. 

Oracle Data Masking and Subsetting

Data Masking enables sensitive information such as credit card or social security numbers to be replaced with realistic values, allowing production data to be safely used for development, testing, or sharing with out-sourcing partners or off-shore teams for other nonproduction purposes..  

When would you use data masking?  

Data masking is used for nonproduction environments for quality assurance, testing, and development purposes. Many organizations inadvertently breach information when they routinely copy sensitive and regulated production data into nonproduction environments. Data in nonproduction environments, which can be lost or stolen, has increasingly become the target of cyber criminals. Data masking helps organizations reduce this risk and comply with compliance requirements.

Learn more about data masking. 

Wednesday Oct 02, 2013

Security in Oracle Database 12c Gives Reason for Customers to Upgrade

The latest edition of Oracle Magazine, headlined with Plug into the Cloud, gives many reasons for customers to upgrade to the latest release of Oracle Database 12c

In the article Time to Upgrade, Michelle Malcher, President of the Independent Oracle Users Group (IOUG) and Oracle ACE Director, says "Oracle Database 12c is packed with several new and enhanced security features. A great new security feature is privilege analysis, which allows DBAs to get to the bottom of what permissions are really needed and used. How much time is that going to save in audit reports and managing the security for least privilege?"

To prepare for the latest edition of Oracle Database, Malcher had an opportunity sit down and beta test the latest features with others. During this time, we captured some of her comments, along with other beta testers, about another new feature: data redaction (see below video).

She goes on to say "Redaction is another security features that is easy to implement and probably will save a lot of time previously spent having to mask data in different environments or code solutions to hide private data and information. Setting up a comprehensive redaction policy for users, applications, and environments can further protect sensitive data.

Learn more about the new security features in the latest release of Oracle Database 12c.

Wednesday Sep 11, 2013

Shedding a Light on Security

Organizations worldwide are scrambling to secure sensitive information in response to regulatory pressure for protecting data privacy and integrity, as well as protect from increasingly sophisticated attacks targeting this data. Encrypting data in applications, however, requires costly and complex code changes, often with disastrous performance consequences. Fortunately these pitfalls can be avoided. Check out this video on data redaction and register to receive the latest information on this new technology in Oracle Database 12c. 

Also, learn more about data redaction here


Tuesday Aug 13, 2013

Data Redaction: New for Oracle Database 12c

New to Oracle Advanced Security, Data Redaction provides selective, on-the-fly redaction of sensitive data in SQL query results prior to application display so that unauthorized users cannot view the sensitive data. It enables consistent redaction of database columns across application modules accessing the same database information. Data Redaction minimizes changes to applications because it does not alter actual data in internal database buffers, caches, or storage, and it preserves the original data type and formatting when transformed data is returned to the application. Data Redaction has no impact on database operational activities such as backup and restore, upgrade and patch, and high availability clusters.

Unlike historical approaches that relied on application coding and new software components, Data Redaction policies are enforced directly in the database kernel. Declarative policies can apply different data transformations such as partial, random, and full redaction. Redaction can be conditional, based on different factors that are tracked by the database or passed to the database by applications such as user identifiers, application identifiers, or client IP addresses. A redaction format library provides pre-configured column templates to choose from for common types of sensitive information such as credit card numbers and national identification numbers. Once enabled, polices are enforced immediately, even for active sessions

For more information on data redaction:

About

Who are we?

Follow us on

  • TwitterFacebookLinkedIn

Search

Archives
« July 2015
SunMonTueWedThuFriSat
   
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
       
Today