oracle-user-group-estonia
Event: Oracle Tartu päev Date: 24.05.2011 Place: Ahhaa centre
Today's Options in Security Solutions
Tarvi Tara
Oracle
5 Questions Your Business May Ask
• Can we guarantee privacy of our customer data?
• Have we suffered any breaches?
• Do the DBAs know the financial results before the
management?
• Are we in compliance with all regulations?
• Can we secure our existing applications?
How is Data Compromised?
Source: Verizon 2010 Data Breach Investigations Report
Typical current security architecture
• Sensitive information created & secured in the database
• Backups are secured
• Access to sensitive database tables controlled
• Information is transmitted securely to the application
• Database to application
• Server to client (application to browser)
• IDM technologies secure access to the application
[Diagram labels: database, application, data center]
Oracle Database Security: Defense-in-Depth
Access Control
• Oracle Database Vault
• Oracle Label Security
Encryption and Masking
• Oracle Advanced Security
• Oracle Secure Backup
• Oracle Data Masking
Auditing and Tracking
• Oracle Audit Vault
• Oracle Configuration Management
• Oracle Total Recall
Monitoring and Blocking
• Oracle Database Firewall
Oracle Database Vault: Enforce Security Policies Inside the Database
• Automatic and customizable DBA separation of duties and protective realms
• Enforce who, where, when, and how using rules and factors
• Enforce least privilege for privileged database users
• Prevent application by-pass and enforce enterprise data governance
• Securely consolidate application data or enable multi-tenant data management
[Diagram labels: Procurement, HR, Finance, Application, DBA, Security DBA; query shown: select * from finance.customers]
Oracle Data Masking: Irreversibly De-Identify Data for Non-Production Use
• Make application data securely available in non-production environments
• Prevent application developers and testers from seeing production data
• Extensible template library and policies for data masking automation
• Referential integrity automatically preserved so applications continue to work
Production
LAST_NAME   SSN          SALARY
AGUILAR     203-33-3234  40,000
BENSON      323-22-2943  60,000

Non-Production
LAST_NAME   SSN          SALARY
ANSKEKSL    111-23-1111  60,000
BKJHHEIEDK  222-34-1345  40,000
Data never leaves Database
You have secured the perimeters… but digital information is no respecter of perimeters!
[Diagram labels: SharePoint, File system, Content Management, Intranet/Extranet]
Which perimeter are we talking about?
Many business processes involve external parties
[Diagram labels: SharePoint, File system, Content Management, Intranet/Extranet]
Typical methods for securing desktops
[Diagram labels: Encrypt disk; Prevent use of external devices; Monitor information flow (DLP); OS access control; Encrypt content (PGP); Prevent use of external services]
• Buying all these solutions is expensive
• What about partners, customers, suppliers?
• Massively restrict end users' ability to work
• Protect the content instead of location!
Oracle Information Rights Management
Content Author
Content Author Seals Content
Chooses Content Classification
Confidential Highly Restricted
(Board, Legal, M&A, Project, etc.)
Confidential Restricted
Confidential Internal
Public
Could be…
Intellectual property, research, supplier communications, manuals, BI reports…
This User Doesn’t Have Rights to View
Even if stored on a local file system or external drive
Access can be revoked at any time
This User Only Has Read Access
No printing, editing or screen captures…
Partner
User can view document in MS Word, but take screenshot and paste…
[Diagram labels: ECM; File systems; Intranet/extranet; Databases; Oracle IRM Server; Customer; Partner; Supplier]
Oracle Information Rights Management: Securing all copies of your sensitive information
• Everywhere IRM-encrypted content is stored, transmitted or used
• NO ACCESS FOR UNAUTHORIZED USERS
• Transparent, revocable access for authorized users
• Centralized policy and auditing for widely distributed content
• Content security beyond the database, application and firewall
Enterprise perimeters
Oracle Security Inside Out
[Diagram layers: Databases, Applications, Content, Infrastructure, Information]
Database Security
• Encryption and Masking
• Privileged User Controls
• Multi-Factor Authorization
• Activity Monitoring and Audit
• Secure Configuration
Identity Management
• User Provisioning
• Role Management
• Entitlements Management
• Risk-Based Access Control
• Virtual Directories
Information Rights Management
• Document-level Access Control
• All copies, regardless of location (even beyond the firewall)
• Auditing and Revocation