Today's possibilities in security solutions - Tarvi Tara


Event: Oracle Tartu Day. Date: 24.05.2011. Place: Ahhaa centre.


Today's possibilities in security solutions

Tarvi Tara

Oracle

5 Questions Your Business May Ask

• Can we guarantee privacy of our customer data?

• Have we suffered any breaches?

• Do the DBAs know the financial results before the

management?

• Are we in compliance with all regulations?

• Can we secure our existing applications?


How is Data Compromised?

Source: Verizon 2010 Data Breach Investigations Report

Typical current security architecture

• Sensitive information created & secured in the database

• Backups are secured

• Access to sensitive database tables controlled

• Information is transmitted securely to the application

  • Database to application

  • Server to client (application to browser)

• IDM technologies secure access to the application

[Figure: database, application and data center tiers]

Oracle Database Security: Defense-in-Depth

Access Control

• Oracle Database Vault

• Oracle Label Security

Encryption and Masking

• Oracle Advanced Security

• Oracle Secure Backup

• Oracle Data Masking

Auditing and Tracking

• Oracle Audit Vault

• Oracle Configuration Management

• Oracle Total Recall

Monitoring and Blocking

• Oracle Database Firewall

Oracle Database Vault: Enforce Security Policies Inside the Database

• Automatic and customizable DBA separation of duties and protective realms

• Enforce who, where, when, and how using rules and factors

• Enforce least privilege for privileged database users

• Prevent application by-pass and enforce enterprise data governance

• Securely consolidate application data or enable multi-tenant data management

[Figure: Procurement, HR and Finance application realms; actors Application, DBA and Security DBA; the DBA issues "select * from finance.customers" against the Finance realm]
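The "who, where, when and how" bullets above describe realm-based enforcement in the abstract. The following model is an added example written for this page; it is not Oracle Database Vault code and makes no claim about how Database Vault is implemented. It assumes three realms matching the slide's schemas, a constructed trusted application subnet (10.0.5.0/24), a constructed business-hours window, and a toy statement parser; the point it demonstrates is that a user holding a system privilege such as SELECT ANY TABLE is still blocked from a realm-protected schema unless the realm itself authorizes them, while unprotected schemas fall back to ordinary privilege checks.

```python
import re
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Realm:
    """A protective realm: schemas that only realm-authorized users may touch."""
    name: str
    schemas: frozenset
    authorized_users: frozenset


@dataclass(frozen=True)
class Session:
    """The 'who' (user and privileges), 'where' (client IP) and 'when' (time) factors."""
    user: str
    system_privileges: frozenset
    client_ip: str
    local_time: time


# Realms mirroring the three application schemas on the slide; the
# authorized application accounts are constructed names for this example.
REALMS = (
    Realm("Procurement", frozenset({"PROCUREMENT"}), frozenset({"PROCAPP"})),
    Realm("HR", frozenset({"HR"}), frozenset({"HRAPP"})),
    Realm("Finance", frozenset({"FINANCE"}), frozenset({"FINAPP"})),
)

# Constructed factor values (assumptions, not from the slide): application
# servers live in this subnet and realm access is only allowed in business hours.
APP_SERVER_NET = ip_network("10.0.5.0/24")
BUSINESS_HOURS = (time(8, 0), time(18, 0))

# Toy parser: pull SCHEMA.OBJECT out of a simple SELECT/INSERT/UPDATE/DDL statement.
_TARGET = re.compile(r"\b(?:from|into|update|table)\s+(\w+)\.(\w+)", re.IGNORECASE)


def session(user, client_ip, hour, *privileges):
    """Convenience constructor so callers need not import datetime.time."""
    return Session(user, frozenset(privileges), client_ip, time(hour, 0))


def target_object(statement):
    """Return (SCHEMA, OBJECT) named by the statement, upper-cased."""
    match = _TARGET.search(statement)
    if not match:
        raise ValueError("statement does not name a schema-qualified object")
    return match.group(1).upper(), match.group(2).upper()


def realm_for(schema):
    """Find the realm protecting a schema, or None if it is unprotected."""
    for realm in REALMS:
        if schema in realm.schemas:
            return realm
    return None


def factors_ok(sess):
    """'Where' and 'when' rules: trusted subnet and business hours."""
    inside_net = ip_address(sess.client_ip) in APP_SERVER_NET
    start, end = BUSINESS_HOURS
    return inside_net and start <= sess.local_time <= end


def authorize(sess, statement):
    """Return (allowed, reason).

    For realm-protected schemas, realm membership plus the factor rules decide;
    system privileges alone never bypass a realm. Unprotected schemas are
    governed by ordinary privileges (owner or SELECT ANY TABLE in this toy).
    """
    schema, obj = target_object(statement)
    realm = realm_for(schema)
    if realm is None:
        if sess.user == schema or "SELECT ANY TABLE" in sess.system_privileges:
            return True, f"{schema}.{obj} is unprotected; ordinary privileges apply"
        return False, f"{sess.user} lacks privilege on {schema}.{obj}"
    if sess.user not in realm.authorized_users:
        return False, f"realm {realm.name} blocks {sess.user} regardless of system privileges"
    if not factors_ok(sess):
        return False, f"realm {realm.name}: client IP or time-of-day rule failed"
    return True, f"{sess.user} is authorized in realm {realm.name}"


if __name__ == "__main__":
    dba = session("DBA", "10.0.5.12", 10, "SELECT ANY TABLE")
    app = session("FINAPP", "10.0.5.12", 10)
    for who, stmt in ((dba, "select * from finance.customers"),
                      (dba, "select * from scott.emp"),
                      (app, "select * from finance.customers")):
        print(who.user, stmt, "->", authorize(who, stmt))
```

The separation of duties shown on the slide falls out of the `authorize` ordering: the realm check runs before any privilege check, so the DBA keeps full power over unprotected schemas while the Finance data stays reachable only through the authorized application account, from the expected network, during the expected hours.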

Oracle Data Masking: Irreversibly De-Identify Data for Non-Production Use

• Make application data securely available in non-production environments

• Prevent application developers and testers from seeing production data

• Extensible template library and policies for data masking automation

• Referential integrity automatically preserved so applications continue to work

Production

LAST_NAME   SSN          SALARY
AGUILAR     203-33-3234  40,000
BENSON      323-22-2943  60,000

Non-Production

LAST_NAME   SSN          SALARY
ANSKEKSL    111-23-1111  60,000
BKJHHEIEDK  222-34-1345  40,000

Data never leaves the database
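The table above shows the outcome but not how masking can be both irreversible and referentially consistent. The following is an added example written for this page, not Oracle Data Masking code, and it does not claim to reproduce Oracle's masking formats. It masks the slide's two production rows with a keyed HMAC so that the same production SSN always maps to the same masked SSN in every table (a constructed payroll table keyed on SSN is included to show that joins survive), shuffles salaries so the distribution is kept while row-level values are not, and then discards the key, which is what makes the mapping irreversible after the run.

```python
import hashlib
import hmac
import random
import re
import secrets

# Production rows taken from the slide's example table.
PRODUCTION_EMPLOYEES = [
    {"LAST_NAME": "AGUILAR", "SSN": "203-33-3234", "SALARY": 40000},
    {"LAST_NAME": "BENSON", "SSN": "323-22-2943", "SALARY": 60000},
]

# Constructed second table that references employees by SSN (assumption for
# this example; no such table appears on the slide).
PRODUCTION_PAYROLL = [
    {"SSN": "203-33-3234", "PAY_DATE": "2011-04-30"},
    {"SSN": "323-22-2943", "PAY_DATE": "2011-04-30"},
    {"SSN": "203-33-3234", "PAY_DATE": "2011-05-31"},
]

SSN_SHAPE = re.compile(r"^\d{3}-\d{2}-\d{4}$")


def _digest(key, column, value):
    """Keyed, column-scoped digest: same input + same key -> same output."""
    return hmac.new(key, f"{column}:{value}".encode(), hashlib.sha256).digest()


def mask_ssn(key, ssn):
    """Map an SSN to a format-preserving masked SSN (###-##-####)."""
    digits = "".join(str(b % 10) for b in _digest(key, "SSN", ssn)[:9])
    return f"{digits[:3]}-{digits[3:5]}-{digits[5:]}"


def mask_last_name(key, name):
    """Replace a surname with 8 to 12 pseudo-random upper-case letters."""
    d = _digest(key, "LAST_NAME", name)
    length = 8 + d[0] % 5
    return "".join(chr(ord("A") + b % 26) for b in d[1:1 + length])


def mask_tables(employees, payroll, key=None):
    """Mask both tables with one throwaway key and return (employees, payroll).

    A fresh key is drawn when none is given and is never stored, so nobody can
    recompute the production values afterwards; within the run every table sees
    the same SSN mapping, so referential integrity is preserved.
    """
    if key is None:
        key = secrets.token_bytes(32)
    # Shuffle salaries across rows: the multiset of values is kept, the
    # link between a person and their salary is not.
    salaries = [row["SALARY"] for row in employees]
    seed = int.from_bytes(_digest(key, "SALARY", "shuffle")[:8], "big")
    random.Random(seed).shuffle(salaries)
    masked_employees = [
        {
            "LAST_NAME": mask_last_name(key, row["LAST_NAME"]),
            "SSN": mask_ssn(key, row["SSN"]),
            "SALARY": salary,
        }
        for row, salary in zip(employees, salaries)
    ]
    masked_payroll = [dict(row, SSN=mask_ssn(key, row["SSN"])) for row in payroll]
    return masked_employees, masked_payroll


def is_ssn_shaped(value):
    """True if the value still looks like an SSN, so application code keeps working."""
    return SSN_SHAPE.match(value) is not None


def join_count(employees, payroll):
    """Number of payroll rows whose SSN resolves to an employee row."""
    known = {row["SSN"] for row in employees}
    return sum(1 for row in payroll if row["SSN"] in known)


if __name__ == "__main__":
    emp, pay = mask_tables(PRODUCTION_EMPLOYEES, PRODUCTION_PAYROLL)
    for row in emp:
        print(row)
    print("payroll rows still joining:", join_count(emp, pay))
```

Two design points matter for the "irreversibly" claim: a plain hash of an SSN would be reversible by brute force over the small SSN space, so the digest is keyed; and the key must be thrown away after the run, otherwise the masked copy is just encrypted data with the key sitting somewhere in non-production.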

You have secured the perimeters... but digital information is no respecter of perimeters!

[Figure: content stores inside the perimeter: SharePoint, email, file system, content management, intranet/extranet]

Which perimeter are we talking about?

Many business processes involve external parties

[Figure: the same content stores (SharePoint, email, file system, content management, intranet/extranet), now with external parties in the picture]

Typical methods for securing desktops

• Encrypt disk

• Prevent use of external devices

• Monitor information flow (DLP)

• OS access control

• Encrypt content (PGP)

• Prevent use of external services

• Buying all these solutions is expensive

• What about partners, customers, suppliers?

• Massively restricts end users' ability to work

• Protect the content instead of location!


Oracle Information Rights Management

Content Author

• Content author seals content

• Chooses content classification:

  • Confidential Highly Restricted (Board, Legal, M&A, Project, etc.)

  • Confidential Restricted

  • Confidential Internal

  • Public

Could be... intellectual property, research, supplier communications, manuals, BI reports...

This User Doesn't Have Rights to View

Even if stored on a local file system or external drive

Access can be revoked at any time

This User Only Has Read Access

No printing, editing or screen captures...

Partner

User can view the document in MS Word, but take a screenshot and paste...

[Figure: Oracle IRM Server serving sealed content from ECM, email, file systems, intranet/extranet and databases to customers, partners and suppliers]

Oracle Information Rights Management: Securing all copies of your sensitive information

• Everywhere IRM-encrypted content is stored, transmitted or used

• NO ACCESS FOR UNAUTHORIZED USERS

• Transparent, revocable access for authorized users

• Centralized policy and auditing for widely distributed content

• Content security beyond the database, application and firewall


Oracle Security Inside Out

Layers: Infrastructure, Databases, Applications, Content (Information)

Database Security (Databases)

• Encryption and Masking

• Privileged User Controls

• Multi-Factor Authorization

• Activity Monitoring and Audit

• Secure Configuration

Identity Management (Applications, Infrastructure)

• User Provisioning

• Role Management

• Entitlements Management

• Risk-Based Access Control

• Virtual Directories

Information Rights Management (Content)

• Document-level Access Control

• All copies, regardless of location (even beyond the firewall)

• Auditing and Revocation