Database Centric Information Security. Speaker Name / Title

Transcription

1 Database Centric Information Security Speaker Name / Title

2 The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle s products remains at the sole discretion of Oracle. 2

3 Agenda Database-Centric Information Security Database Security Oracle Database Security Solutions Defense-in-Depth Q&A 3

4 More data than ever Growth Doubles Yearly 1,800 Exabytes Source: IDC,

5 More breaches then ever Data Breach Once exposed, the data is out there the bell can t be un-rung PUBLICLY REPORTED DATA BREACHES % Increase Total Personally Identifying Information Records Exposed (Millions) Source: DataLossDB,

6 More threats than ever 6

7 More Regulations Than Ever UK/PRO PIPEDA Sarbanes-Oxley PCI Breach Disclosure HIPAA GLBA FISMA EU Data Directives Basel II K SOX Euro SOX ISO J SOX SAS 70 COBIT AUS/PRO 90% Companies behind in compliance Source: IT Policy Compliance Group,

8 Market Overview: IT Security In 2009 There has been a clear and significant shift from what was the widely recognized state of security just a few years ago. Protecting the organization's information assets is the top issue facing security programs: data security (90%) is most often cited as an important or very important issue for IT security organizations, followed by application security (86%). 8

9 Securing Data in Your Database Encryption Masking Classification Access Control Detection Activity Monitoring Change Tracking Discovery and Assessment Secure Configuration 9

10 Database Defense-in-Depth Monitoring Configuration Management Audit Vault Total Recall Access Control Database Vault Label Security Encryption & Masking Access Control Monitoring Encryption & Masking Advanced Security Secure Backup Data Masking 10

11 Database Defense-in-Depth Monitoring Configuration Management Audit Vault Total Recall Access Control Database Vault Label Security Encryption & Masking Access Control Monitoring Encryption & Masking Advanced Security Secure Backup Data Masking 11

12 Oracle Advanced Security Transparent Data Encryption Disk Backups Exports Application Off-Site Facilities Complete encryption for data at rest No application changes required Efficient encryption of all application data Built-in key lifecycle management 12

13 Oracle Advanced Security Network Encryption & Strong Authentication Standard-based encryption for data in transit Strong authentication of users and servers No infrastructure changes required Easy to implement 13

14 Oracle Secure Backup Integrated Tape or Cloud Backup Management Secure data archival to tape or cloud Easy to administer key management Fastest Oracle Database tape backups Leverage low-cost cloud storage 14

15 Oracle Data Masking Irreversible De-Identification Production LAST_NAME SSN SALARY AGUILAR ,000 BENSON ,000 Non-Production LAST_NAME SSN SALARY ANSKEKSL ,000 BKJHHEIEDK ,000 Remove sensitive data from non-production databases Referential integrity preserved so applications continue to work Sensitive data never leaves the database Extensible template library and policies for automation 15

16 Database Defense-in-Depth Monitoring Configuration Management Audit Vault Total Recall Access Control Database Vault Label Security Encryption & Masking Access Control Monitoring Encryption & Masking Advanced Security Secure Backup Data Masking 16

17 Oracle Database Vault Separation of Duties & Privileged User Controls Application Procurement HR Finance DBA select * from finance.customers DBA separation of duties Limit powers of privileged users Securely consolidate application data No application changes required 17

18 Oracle Database Vault Multi-Factor Access Control Policy Enforcement Procurement HR Application Rebates Protect application data and prevent application by-pass Enforce who, where, when, and how using rules and factors Out-of-the box policies for Oracle applications, customizable 18

19 Oracle Label Security Data Classification for Access Control Confidential Sensitive Transactions Confidential Report Data Public Reports Sensitive Classify users and data based on business drivers Database enforced row level access control Users classification through Oracle Identity Management Suite Classification labels can be factors in other policies 19

20 Database Defense-in-Depth Monitoring Configuration Management Audit Vault Total Recall Access Control Database Vault Label Security Encryption & Masking Access Control Monitoring Encryption & Masking Advanced Security Secure Backup Data Masking 20

21 Oracle Audit Vault Automated Activity Monitoring & Audit Reporting HR Data! Alerts CRM Data ERP Data Audit Data Built-in Reports Custom Reports Databases Policies Auditor Consolidate audit data into secure repository Detect and alert on suspicious activities Out-of-the box compliance reporting Centralized audit policy management

22 Oracle Total Recall Secure Change Tracking select salary from emp AS OF TIMESTAMP '02-MAY AM where emp.title = admin Transparently track data changes Efficient, tamper-resistant storage of archives Real-time access to historical data Simplified forensics and error correction 22

23 Oracle Configuration Management Vulnerability Assessment & Secure Configuration Monitor Discover Classify Assess Prioritize Fix Monitor Asset Management Policy Management Vulnerability Management Configuration Management & Audit Analysis & Analytics Database discovery Continuous scanning against 375+ best practices and industry standards, extensible Detect and prevent unauthorized configuration changes Change management compliance reports 23

24 Database Defense-in-Depth Monitoring Configuration Management Audit Vault Total Recall Access Control Database Vault Label Security Encryption & Masking Access Control Monitoring Encryption & Masking Advanced Security Secure Backup Data Masking 24

25 Summary Transparent Integrated Comprehensive Cost-Effective 25

26 For More Information search.oracle.com database security or oracle.com/database/security

27 27

28