1. Oracle Database Security
Gabriel Trauvitch
Master Principal Solutions Specialist Grid Architect Technology Presales Greece & SEE
2. More Data Than Ever
Growth Doubles Yearly
[Chart: 2006 to 2011, labelled 1,800 Exabytes]
Source: IDC, 2008
3. Oracle Database Security: Business Drivers
Security Threats: Industrial Espionage, Identity Theft, Insider Threats
Data Consolidation, Globalization, Right Sourcing
Compliance Mandates: SOX, HIPAA, PCI, EU Directives, FDA, Basel II, GLBA, SB1386
4. More Breaches Than Ever
Data Breach: once exposed, the data is out there; the bell can't be un-rung
[Chart: Publicly Reported Data Breaches, Total Personally Identifying Information Records Exposed (Millions), 2005 to 2008; 630% Increase]
Average cost of a data breach: $202 per record
Average total cost exceeds $6.6 million per breach
Source: DataLossDB, Ponemon Institute, 2009
5. More Threats Than Ever
6. Market Overview: IT Security In 2009
There has been a clear and significant shift from what was the widely recognized state of security just a few years ago.
Protecting the organization's information assets is the top issue facing security programs: data security (90%) is most often cited as an important or very important issue for IT security organizations, followed by application security (86%).
Source: Market Overview: IT Security In 2009, Jonathan Penn, April 22, 2009
7. Data Security Challenges
What to secure? Sensitive Data: Confidential, PII, regulatory; Data in packaged and custom applications; Secure Life cycle: creation, transit, storage, backup, test, transfer
Can we secure it now? Secure using existing systems? Transparent? Loss, Unauthorized access, Separation of Duty
Will it meet business requirements? Flexible, Transparent, Compliant? Secures both custom and packaged applications?
Will it reduce operational cost? Easy to manage? Performant?
8. Oracle Database Security: Defense-in-Depth for Security and Compliance
Monitoring: Audit Vault, Total Recall, Configuration Management
Access Control: Database Vault, Label Security
Encryption and Masking: Advanced Security, Data Masking, Secure Backup
9. Oracle Database Security: Defense-in-Depth for Security and Compliance
Encryption and Masking: Advanced Security, Data Masking, Secure Backup
10. Oracle Advanced Security: Transparent Data Encryption
[Diagram labels: Application; Disk, Backups, Exports, Off-Site Facilities]
No application changes required
Efficient encryption of all application data
Built-in key lifecycle management
Works with Exadata V2 Smart Scans
Works with Oracle Advanced Compression
11. Oracle Advanced Security: Network Encryption & Strong Authentication
Standard-based encryption for data in transit
Strong authentication of users and servers
No infrastructure changes required
Easy to implement
12. Oracle Secure Backup: Integrated Tape or Cloud Backup Management
Secure data archival to tape or cloud
Easy to administer key management
Fastest Oracle Database tape backups
Leverage low-cost cloud storage
13. Oracle Data Masking: Irreversible De-Identification
Production                           Non-Production
LAST_NAME  SSN          SALARY       LAST_NAME   SSN          SALARY
AGUILAR    203-33-3234  40,000       ANSKEKSL    11123-1111   40,000
BENSON     323-22-2943  60,000       BKJHHEIEDK  222-34-1345  60,000
Remove sensitive data from non-production databases
Referential integrity preserved so applications continue to work
Extensible template library and policies for automation
14. Large Credit Card Services Provider: Cost Effective Encryption of Card Holder Data
Business Challenges: Protect sensitive card holder data; Comply with PCI
Solution: Deployed Oracle Advanced Security TDE Tablespace Encryption
Business Results: Addressed internal and external requirements; Leveraged Oracle Advanced Security integration with Hardware Security Modules for network based management of TDE master encryption key
15. U.S. Pharmaceutical Tools Manufacturer: Oracle Advanced Security Protects Sensitive Data
Business Challenges: Worried about protection of intellectual property and sensitive employee data
Solution: Oracle Advanced Security TDE column encryption; Easy implementation within hours (Oracle PeopleSoft); TDE with HSM made corporate-wide standard
Business Results: Average end-user response time: +2.5%; Cost effective and transparent implementation of data encryption with no application changes; Protection of sensitive data at rest and on backup media
16. EMEA-based Real Estate Company: Data Masking Pack accelerated availability of production data for testing while improving DBA productivity
Business Challenges: Custom scripts to mask sensitive data were not able to scale to meet growing data volumes; DBA team under increasing pressure to make production data available for application testing within short time frames
Solution: Data Masking Pack delivered an out-of-the-box solution to replace custom database scripts; High performance masking capabilities accelerated masking process from 6 hours using database scripts to 6 minutes using Data Masking Pack
Business Results: 60 X performance improvement in masking process resulted in faster turnaround of test system creation; Improved DBA productivity by eliminating the requirement to maintain custom scripts
17. Oracle Database Security: Defense-in-Depth for Security and Compliance
Access Control: Database Vault, Label Security
Encryption and Masking: Advanced Security, Data Masking, Secure Backup
18. Oracle Database Vault: Separation of Duties & Privileged User Controls
[Diagram labels: Procurement, HR, Finance; Application; DBA: select * from finance.customers]
DBA separation of duties
Limit powers of privileged users
Securely consolidate application data
No application changes required
Works with Oracle Exadata V2 Database Machine
19. Oracle Database Vault: Multi-Factor Access Control Policy Enforcement
[Diagram labels: Procurement, HR, Rebates; Application]
Protect application data and prevent application by-pass
Enforce who, where, when, and how using rules and factors
Out-of-the-box policies for Oracle applications, customizable
20. Oracle Label Security: Data Classification for Access Control
[Diagram labels: Sensitive Transactions, Confidential Report Data, Public Reports; Confidential, Sensitive]
Classify users and data based on business drivers
Database enforced row level access control
User classification through Oracle Identity Management Suite
Classification labels can be factors in other policies
21. Large US Based Global Bank: Enable Secure Cost Effective Deployments
Business Challenges: Outsource administration of multiple applications (E-Business Suite, PeopleSoft and other in-house and 3rd party applications); Cross Border security controls to protect country-specific sensitive client data from DBA access in a different country; Deploy a security solution that is certified with applications and with minimal performance overhead
Solution: Deployed Oracle Database Vault on 18+ applications including E-Business Suite, PeopleSoft and other internal and 3rd party applications to prevent privileged user access to application data; Used Database Vault multi-factor authorization to enforce cross-border access control and to prevent Application Bypass
Business Results: Over 200K users accessing these systems globally; Saved over $15M a year by outsourcing/off-shoring backend administration operations; Addressed Cross Border security requirements; Passed external audit and avoided paying fines
22. Pharmaceutical Services Provider: Protect Sensitive Customer Information and Address Regulations
Business Challenges: Protect and secure the privacy of very sensitive customer medical data and employee data in PeopleSoft; Comply with internal policies and external regulations (HIPAA, SOX, Privacy Laws); Prevent privileged user access to sensitive data
Solution: Deployed Oracle Database Vault with out-of-the-box PeopleSoft protection policies; Took 14 days to go production
Business Results: Complied with HIPAA and other privacy regulations; Passed external audit; Saved on consulting costs and deployment time by using the out-of-the-box Database Vault protection policies; Deployed Database Vault with minimal changes to existing internal processes and procedures
23. Large European Telecom Provider: Enable Organization to Meet Regulations
Business Challenges: Protect the privacy of sensitive client data in their telecom billing system; Meet internal, European Data Security Directive, and country-specific privacy requirements; Prevent tampering or deletion of database objects or database users
Solution: Used Database Vault Realms and Command Rules to prevent DBAs from accessing sensitive data; Used Command Rules to prevent tampering or deletion of database objects or users; Used multi-factor authorization to prevent Application Bypass based on IP address
Business Results: Secure the third party billing system without any application changes; Comply with internal, European, and country-specific privacy laws; Cost effective preventive controls against any tampering or deletion of database objects or users; Maintain good performance without buying additional hardware
24. Oracle Database Security: Defense-in-Depth for Security and Compliance
Monitoring: Audit Vault, Total Recall, Configuration Management
Access Control: Database Vault, Label Security
Encryption and Masking: Advanced Security, Data Masking, Secure Backup
25. Oracle Audit Vault: Automated Activity Monitoring & Audit Reporting
[Diagram labels: HR Data, CRM Data, ERP Data, Databases; Audit Data; Alerts, Built-in Reports, Custom Reports, Policies; Auditor]
Consolidate audit data into secure repository
Detect and alert on suspicious activities
Out-of-the-box compliance reporting
Centralized audit policy management
26. Oracle Total Recall: Secure Change Tracking
select salary from emp AS OF TIMESTAMP TO_TIMESTAMP('02-MAY-09 12.00 AM', 'DD-MON-RR HH.MI AM') where emp.title = 'admin'
Transparently track data changes
Efficient, tamper-resistant storage of archives
Real-time access to historical data
Enables forensics and error correction
28. European Healthcare Insurance Provider: Simplified Reporting and Stronger Security
Business Challenges: Internal and external database audit requirements across 10 Oracle and SQL Server databases; Took 3 months and 2 part time people to create the audit reports for yearly audit; No monitoring for insider threats
Solution: Oracle Audit Vault consolidated reporting on audit data from Oracle and SQL Server; Oracle Audit Vault consolidation of audit data removed DBA from audit review process
Business Results: Saved 100s of hours in report generations; Worked with auditors to create customized reports from the out-of-the-box default reports for personalized content; Estimated return on investments in less than 18 months
29. Large Financial Services Provider: Stronger Controls
Business Challenges: Audit credit card transactions; 20+ production Oracle databases with native auditing already turned on; Need for reports and no resource or budget to create and review them
Solution: Oracle Audit Vault audit data collection and secure centralized storage; Audit Vault proactively monitors privileged user access violations, failed database logins, and generates forensic data
Business Results: Passed internal audits; Automated reporting on credit card transactions; Secure consolidation of audit data; Detected policy violations of database activity; Deployed in production in 3 months
30. Large European Telco Provider: Address Telco Regulations on Call Records
Business Challenges: Audit credit card transactions; 20+ production Oracle databases with native auditing already turned on; Need for reports and no resource or budget to create and review them
Solution: Oracle Audit Vault audit data collection and secure centralized storage; Audit Vault proactively monitors privileged user access violations, failed database logins, and generates forensic data
Business Results: Passed internal audits; Automated reporting on credit card transactions; Secure consolidation of audit data; Detected policy violations of database activity; Deployed in production in 3 months
31. Oracle Database Security: Defense-in-Depth for Security and Compliance
Monitoring: Audit Vault, Total Recall, Configuration Management
Access Control: Database Vault, Label Security
Encryption and Masking: Advanced Security, Data Masking, Secure Backup
32. For More Information
search.oracle.com: database security
oracle.com/database/security