Oracle Database Vault with Oracle Database 12c ORACLE WHITE PAPER MAY 2015


Table of Contents

Introduction
Controls for Privileged Accounts
Privilege User Access Controls on Application Data with Realms
Controls for Maintenance with Mandatory Realms
Controls for Database Configuration
SQL Command Controls with Oracle Database Vault
Account Management Controls with Oracle Database Vault
Database Role Controls with Oracle Database Vault
Run-time Privilege Analysis with Oracle Database Vault
Controls for Consolidation and Cloud Environments
Controls for Oracle Multitenant
Application Protection Policies
Monitoring Oracle Database Vault
Deployment and Operational Simplicity
Conclusion

Introduction

Regulations, industry directives and numerous breach disclosure laws require stronger security controls, including separation of duty. Privacy and regulatory challenges are becoming increasingly complicated as access to data must be controlled based on laws spanning multiple countries. In parallel, attacks on databases are becoming increasingly common as hackers and even insiders target large data repositories to steal data, disrupt business, or gain economic advantage through industrial espionage. Data breaches resulting from unauthorized privileged user access, or from abuse of these accounts, have accounted for a large percentage of the overall number of data breaches over the past few years. Protecting the database has become paramount and requires a defense-in-depth, multilayered approach that encompasses preventive, detective, and administrative controls. Oracle Database 12c strengthens Oracle's industry-leading database security solution by providing important new security controls in each of these areas. Oracle Database Vault with Oracle Database 12c provides the industry's most comprehensive access control capabilities for the Oracle Database.
Oracle Database Vault provides essential safeguards against common threats, including:

» Threats that exploit stolen credentials obtained from social engineering, key-loggers, and other mechanisms to get access to privileged accounts in your database
» Threats from insiders that misuse privileged accounts to access sensitive data, or to create new accounts and grant additional roles and privileges for future exploits
» Threats from insiders who bypass the organization's usage policies (including IP address, date, and time of usage), or from unintended mistakes by junior DBAs who might use unauthorized SQL commands that change the database configuration and put the database in a vulnerable state
» Threats to sensitive data from application administrators during maintenance windows
» Threats that exploit weaknesses in the application to escalate privileges and attack other applications on the same database

Oracle Database Vault with Oracle Database 12c introduces a new and powerful run-time privilege analysis capability that allows administrators to identify unused privileges and roles for applications and users. This information can then be used to tighten privilege and role grants and increase the security of the overall application. Oracle Database Vault with Oracle Database 12c is installed by default, enabling efficient setup, configuration and deployment.

Controls for Privileged Accounts

Privileged user accounts are commonplace in all databases and are used by DBAs for daily tasks such as user management, performance tuning, replication, patching, backup and recovery, space management, startup and shutdown. Many Oracle predefined system users such as SYSTEM, and roles such as the DBA role, can access any application data in the database. Due to their wide-ranging access, most organizations enforce strict processes and internal rules on who can be granted privileged access or DBA access to the databases. These accounts and roles, however, have also been a prime target of hackers because of their unimpeded access inside the database. They have also been misused by insiders to gain access to confidential information.

Privilege User Access Controls on Application Data with Realms

Increasing controls on privileged and DBA accounts is vital to improving security. Oracle Database Vault creates a highly restricted application environment ("Realm") inside the Oracle database that prevents access to application data from privileged accounts while continuing to allow the regular authorized administrative activities on the database. Realms can be placed around all or specific application tables and schemas to protect them from unauthorized access while continuing to allow access to owners of those tables and schemas, including those who have been granted direct access to those objects.

Figure 1 below shows how an Oracle Database Vault Realm blocks a DBA or someone masquerading as a DBA. It also shows how applications with powerful system-wide privileges can be blocked from looking at other application data inside the database. System-wide privileges include SELECT ANY TABLE, commonly granted not only to database administrators but also found in many application environments.

Figure 1. Oracle Database Vault Control for Privileged Accounts

TABLE 1. ORACLE DATABASE VAULT REALMS USE CASES

Use Case: Prevent unauthorized DBA access to application data
Description: Realms help customers comply with data access regulations and protect from insider threats as well as outsider attacks exploiting compromised DBA accounts.

Use Case: Enable secure consolidation
Description: Realms allow customers to consolidate multiple applications into a single database while preventing highly privileged application accounts from accessing each other's data. This helps customers secure their consolidated applications in their private clouds and helps cloud providers maintain a higher level of security assurance for their customers.

Use Case: Enable secure outsourcing/offshoring
Description: By controlling access to sensitive data even by administrative staff, Realms allow customers to take advantage of the cost benefits of outsourcing/off-shoring of backend operations.

Oracle Database Vault Realms also place controls on powerful system privileges, roles, and account management. In addition, Oracle Database Vault Realms restrict access to security-related packages commonly used by applications, such as the Virtual Private Database (VPD) package. For example, Oracle Database Vault limits who can manage VPD policies, increasing the overall security of the application.

Controls for Maintenance with Mandatory Realms

Periodic access to production environments by IT support staff or application DBAs is a common requirement and is typically associated with patching activity or diagnosing a performance issue. This task may typically involve recreating indexes and triggers, patching PL/SQL packages, or adding new tables, views, and other objects. During such maintenance windows, organizations need the ability to seal off access to tables and views containing highly sensitive data, even to those with direct object grants or the application owner. This is an increasingly common security need driven by data governance requirements and cross-country regulations.
Oracle Database Vault with Oracle Database 12c introduces Mandatory Realms that effectively seal off application tables, views, or other objects from all access, including the object owner and privileged users, unless access has been specifically granted. Mandatory Realms can be pre-configured and then enabled during maintenance operations.

Mandatory Realms can also be used as an additional line of defense to protect applications. In this case, they would not only prevent privileged user access, just like regular realms, but also provide an additional check on all users who have access to the application, including those with direct object grants and the application owner. These users can be authorized to the Mandatory Realm, and additional checks can be performed before they gain access to application data. Figure 2 shows how an Oracle Database Vault Mandatory Realm enforces an additional authorization check on the application owner before allowing access to application data.
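The two realm types described above can be set up with the DBMS_MACADM PL/SQL package. This is an added example, not part of the white paper. The HR schema, the realm names and the HR_APP_OWNER and PATCH_ADMIN accounts are assumptions, and the blocks are run by a user holding the DV_OWNER role.

```sql
-- Added example: HR schema, realm names, HR_APP_OWNER and PATCH_ADMIN are
-- hypothetical. Run as a Database Vault owner (DV_OWNER role).

-- 1. Regular realm around the whole schema. Access that relies on system
--    privileges (for example SELECT ANY TABLE) is blocked; the schema owner
--    and users with direct object grants keep their access.
BEGIN
  DBMS_MACADM.CREATE_REALM(
    realm_name    => 'HR Application Realm',
    description   => 'Protects HR data from privileged accounts',
    enabled       => DBMS_MACUTL.G_YES,
    audit_options => DBMS_MACUTL.G_REALM_AUDIT_FAIL,  -- audit blocked attempts
    realm_type    => 0);                              -- 0 = regular realm

  DBMS_MACADM.ADD_OBJECT_TO_REALM(
    realm_name   => 'HR Application Realm',
    object_owner => 'HR',
    object_name  => '%',                              -- every object in HR
    object_type  => '%');

  -- Realm owner: may also grant realm-protected roles and object privileges.
  DBMS_MACADM.ADD_AUTH_TO_REALM(
    realm_name   => 'HR Application Realm',
    grantee      => 'HR_APP_OWNER',
    auth_options => DBMS_MACUTL.G_REALM_AUTH_OWNER);

  -- Participant: the support account can patch packages, indexes and
  -- triggers in HR using its existing system privileges.
  DBMS_MACADM.ADD_AUTH_TO_REALM(
    realm_name   => 'HR Application Realm',
    grantee      => 'PATCH_ADMIN',
    auth_options => DBMS_MACUTL.G_REALM_AUTH_PARTICIPANT);
END;
/

-- 2. Mandatory realm around the sensitive table, created ahead of time but
--    left disabled. Nobody is authorized to it, so once enabled it blocks
--    the owner, direct grantees and PATCH_ADMIN alike.
BEGIN
  DBMS_MACADM.CREATE_REALM(
    realm_name    => 'HR Maintenance Seal',
    description   => 'Seals sensitive HR tables during maintenance',
    enabled       => DBMS_MACUTL.G_NO,                -- pre-configured only
    audit_options => DBMS_MACUTL.G_REALM_AUDIT_FAIL,
    realm_type    => 1);                              -- 1 = mandatory realm

  DBMS_MACADM.ADD_OBJECT_TO_REALM(
    realm_name   => 'HR Maintenance Seal',
    object_owner => 'HR',
    object_name  => 'EMPLOYEES',
    object_type  => 'TABLE');
END;
/

-- 3. Start of the maintenance window: switch the seal on. Run the same call
--    with enabled => DBMS_MACUTL.G_NO when the window closes.
BEGIN
  DBMS_MACADM.UPDATE_REALM(
    realm_name    => 'HR Maintenance Seal',
    description   => 'Seals sensitive HR tables during maintenance',
    enabled       => DBMS_MACUTL.G_YES,
    audit_options => DBMS_MACUTL.G_REALM_AUDIT_FAIL,
    realm_type    => 1);
END;
/

-- 4. Confirm which realms are in force and of which type.
SELECT name, realm_type, enabled
FROM   dvsys.dba_dv_realm
WHERE  name IN ('HR Application Realm', 'HR Maintenance Seal');
```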

Figure 2. Oracle Database Vault Mandatory Realm for Maintenance

TABLE 2. MANDATORY REALMS USE CASES

Use Case: Support and Development Access
Description: Mandatory Realms can be placed around all or specific application tables, blocking both the application owner as well as those with direct object grants from accessing the data. For patching and support access, stored procedures and application metadata can still be accessed and patched, but application sensitive data will be protected by the Mandatory Realm.

Use Case: Entitlement Controls
Description: Mandatory Realms freeze the entitlements granted to a database role so that no privileged user can change them. Only authorized users will be able to grant these roles and change their entitlements.

Use Case: Application Protection
Description: Mandatory Realms can be used to protect applications just like regular realms. In this case, all users who rely on direct grants for access should be added to realm authorizations. This makes it easier for auditors to identify all who have access to data and verify compliance.

Use Case: Incident Response
Description: In the event of a breach or other failure, data may need to be sealed off by Mandatory Realms irrespective of the direct grants and ownership until authorities can analyze the situation.

Use Case: Threat Response
Description: If an organization becomes aware of a threat, Mandatory Realms can be turned on quickly to stop all access until the threat has been evaluated.

Controls for Database Configuration

Technical controls can prevent changes that could lead to an insecure database configuration, prevent configuration drift, reduce the possibility of audit findings, and improve compliance. Changes to database structures such as application tables and roles, privileged role grants, and ad hoc creation of new database accounts are just a few examples of configuration drift that can have serious consequences. To prevent these audit findings and to comply with regulations, customers need to put in place strong operational controls inside the database.
Oracle Database Vault allows customers to prevent configuration drift by controlling the use of commands such as ALTER SYSTEM, ALTER USER, CREATE USER, DROP USER, etc.

SQL Command Controls with Oracle Database Vault

Oracle Database Vault can be used to control SQL commands that can impact the security and availability of the application and the database. Oracle Database Vault Command Controls introduce an additional layer of rules and checks before any SQL command is executed, including CONNECT to the database, DROP TABLE, TRUNCATE TABLE, and DROP TABLESPACE, to name a few. The Command Controls can be used to restrict access to databases to a specific subnet, application server, and program, creating a trusted path from the application to the database. Built-in factors such as IP address, host name, and session user name can be used to enforce SQL Command Controls inside the database. Oracle Label Security factors can also be used to control activity based on the security clearance of the database session. In addition, Oracle APEX applications' native functions and factors can be used with Oracle Database Vault Command Controls to determine whether to allow access to specific DML or DDL statements.

Figure 3. Oracle Database Vault SQL Command Controls

Account Management Controls with Oracle Database Vault

Oracle Database Vault places controls over who can create and manage database accounts and roles inside the database. By default, the ability to create database accounts is removed from existing DBAs and assigned to a new Database Account Manager role. This makes it possible to implement separation of duty (SOD) between regular database operations and account management, which increases security for operations such as create user, change password, and alter user. This SOD enforcement control serves as an important safeguard against misuse and the proliferation of powerful database privileges and roles, whether granted to users or applications. Organizations can provision the database account management role at their discretion.
However, Oracle recommends that multi-factor authorization be used to increase security on account management by looking at factors such as IP address, program name and time. In addition, account management activity can be audited and alerted on, if needed.

Database Role Controls with Oracle Database Vault

As roles aggregate privileges and other roles, there are two ways in which they can be misused: granting or revoking roles without authorization, or changing the contents of the role itself. Regular Realms protect database roles from being granted by privileged but unauthorized users. Thus only the realm owner can grant the protected roles to other users or roles.

In addition, the new Mandatory Realm feature allows customers to freeze the settings of database roles by preventing any privilege grant or revoke from roles. This ensures that there is no drift in the roles and entitlements configurations inside the database.

Run-time Privilege Analysis with Oracle Database Vault

Oracle Database Vault with Oracle Database 12c introduces a new feature called Privilege Analysis to further harden the application by identifying unused privileges and roles based upon the actual usage of the roles and privileges by the user or from within the application. Understanding the set of unused roles and privileges is important because it helps identify the least number of privileges the application needs to run, thereby making the application more secure. This feature extends the capabilities of Database Vault to include least privilege analysis for existing applications and a continuous analysis of privileges used during new application development. Privilege Analysis allows customers to:

» Report on actual privileges and roles used in the database
» Identify unused privileges and roles by users and applications
» Reduce risk by helping enforce least privilege for users and applications

Figure 4. Oracle Database Vault Privilege Analysis

Using the new Privilege Analysis feature, the set of run-time roles and privileges required for a specific job function or application can be determined and then encapsulated within a new database role, which can then be protected with a Mandatory Realm. Privilege Analysis can also be used as part of the application development process to track privilege use and achieve least privilege for both the application and the users. Unused privileges can be audited to track their use before revoking them from users or roles. Privilege Analysis allows organizations to increase security of existing applications as well as monitor privileges required during the application development process.
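A capture run for the Privilege Analysis workflow described above, using the DBMS_PRIVILEGE_CAPTURE package. This is an added example, not part of the white paper. The capture name and the HR_APP_ROLE role are assumptions, and the blocks are run by a user granted the CAPTURE_ADMIN role.

```sql
-- Added example: the capture name and HR_APP_ROLE are hypothetical.
-- Run as a user granted the CAPTURE_ADMIN role.

-- 1. Define a capture scoped to one role, then start recording which of the
--    role's privileges sessions actually exercise.
BEGIN
  DBMS_PRIVILEGE_CAPTURE.CREATE_CAPTURE(
    name        => 'hr_app_role_capture',
    description => 'Privileges exercised through HR_APP_ROLE',
    type        => DBMS_PRIVILEGE_CAPTURE.G_ROLE,
    roles       => role_name_list('HR_APP_ROLE'));

  DBMS_PRIVILEGE_CAPTURE.ENABLE_CAPTURE('hr_app_role_capture');
END;
/

-- 2. Let the application run a representative workload before stopping.
--    A capture that misses infrequent jobs (period close, yearly reports)
--    will list privileges as unused that are in fact required.

-- 3. Stop recording and populate the result views.
BEGIN
  DBMS_PRIVILEGE_CAPTURE.DISABLE_CAPTURE('hr_app_role_capture');
  DBMS_PRIVILEGE_CAPTURE.GENERATE_RESULT('hr_app_role_capture');
END;
/

-- 4. Privileges that were granted but never used: candidates for auditing
--    first and revoking afterwards.
SELECT username, rolename, sys_priv, obj_priv, object_owner, object_name
FROM   dba_unused_privs
WHERE  capture = 'hr_app_role_capture'
ORDER  BY rolename, sys_priv, obj_priv;

-- 5. Privileges that were used: the basis for a new least-privilege role.
SELECT DISTINCT username, used_role, sys_priv, obj_priv,
       object_owner, object_name
FROM   dba_used_privs
WHERE  capture = 'hr_app_role_capture'
ORDER  BY used_role, sys_priv, obj_priv;
```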
Controls for Consolidation and Cloud Environments

Consolidation and cloud environments provide numerous cost and operational efficiencies but also dramatically increase the potential impact of a data breach due to the massive amount of data, applications, and users on the same database. Consolidation intrinsically brings new risks that were not present in single-application databases. To keep such consolidated systems up and running 24x7, there may be multiple teams of administrators to manage the system, database, and the application, requiring almost unimpeded access by many privileged users managing the environment. In addition, a simple administrative error on a single vulnerable application may bring down the entire system, or jeopardize the security of all applications and accounts on that server.

Oracle Database Vault can systematically defend such high-value targets through a defense-in-depth approach by controlling database commands, restricting account management, and protecting the sensitive application data. Oracle Database Vault Command Controls prevent SQL operations that may modify the database dictionary and configuration, and thus open the database to security vulnerabilities. The Separation of Duty provided by Oracle Database Vault Account Management Controls enforces the roles and responsibilities of the different administrative teams, and minimizes internal threats. In addition to restricting the team of privileged users from accessing sensitive application data, Oracle Database Vault Realms can be placed around an application, preventing other applications within the same database and operating with DBA-like privileges from having the ability to access the application data.

All Oracle Database Vault Controls can be configured and deployed transparently on the Oracle Exadata Database Machine, including the pre-configured out-of-the-box control policies for Oracle and non-Oracle enterprise applications. Oracle Database Vault can be used and deployed with Oracle Advanced Security, and Oracle Audit Vault and Database Firewall, to enable a Maximum Security Architecture for the Oracle Exadata Database Machine.

Controls for Oracle Multitenant

Oracle Database Vault secures pluggable databases (PDBs) by allowing customers to create realms around all application data inside a PDB, which prevents access to their sensitive data by the common DBA in the multitenant container database (CDB), the local PDB DBA, and the DBAs of other PDBs residing within the same CDB. Oracle Database Vault Command Controls can enforce inside a PDB from where and how the PDB is accessed, as well as what operations can be performed within that PDB.
Application Protection Policies

Creating Oracle Database Vault policies for custom or commercial applications is a straightforward process. Oracle Enterprise Manager Cloud Control 12c can be used to create a realm around the full application schema or around specific tables with sensitive data. Alternatively, a set of PL/SQL packages can be used to create Realms and Command Rules.

Oracle Database Vault has been certified with numerous Oracle and partner applications. The certification includes out-of-the-box security policies specific to each application, taking into consideration their install, run-time, and maintenance requirements. These security policies protect application data from unauthorized privileged users, and provide real-time preventive controls that prevent ad hoc changes to the application's data structures.
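The PL/SQL route to Command Rules mentioned above, applied to the trusted-path idea from the SQL Command Controls section: a rule set built on the built-in Client_IP and Session_User factors gates CONNECT, and a second command rule blocks DROP TABLE in one schema. This is an added example, not part of the white paper. The rule and rule set names, the HR_APP account, the HR schema and the address 192.0.2.10 are assumptions.

```sql
-- Added example: rule and rule set names, HR_APP, HR and 192.0.2.10 are
-- hypothetical. Run as a Database Vault owner (DV_OWNER role).
-- Test a CONNECT rule set on a non-production database first: a rule that
-- evaluates to false for every session locks all users out.
BEGIN
  -- Rule: HR_APP sessions must come from the application server. Other
  -- accounts pass. A NULL client IP (local connection) fails for HR_APP.
  DBMS_MACADM.CREATE_RULE(
    rule_name => 'HR_APP only from app server',
    rule_expr => 'DVF.F$SESSION_USER != ''HR_APP'' '
              || 'OR DVF.F$CLIENT_IP = ''192.0.2.10''');

  DBMS_MACADM.CREATE_RULE_SET(
    rule_set_name   => 'HR trusted path',
    description     => 'Limits where HR_APP may connect from',
    enabled         => DBMS_MACUTL.G_YES,
    eval_options    => DBMS_MACUTL.G_RULESET_EVAL_ALL,   -- all rules must pass
    audit_options   => DBMS_MACUTL.G_RULESET_AUDIT_FAIL, -- audit violations
    fail_options    => DBMS_MACUTL.G_RULESET_FAIL_SHOW,
    fail_message    => 'Connection not allowed from this host',
    fail_code       => 20461,
    handler_options => DBMS_MACUTL.G_RULESET_HANDLER_OFF,
    handler         => NULL);

  DBMS_MACADM.ADD_RULE_TO_RULE_SET(
    rule_set_name => 'HR trusted path',
    rule_name     => 'HR_APP only from app server');

  -- Command rule on CONNECT: evaluated for every new session.
  DBMS_MACADM.CREATE_COMMAND_RULE(
    command       => 'CONNECT',
    rule_set_name => 'HR trusted path',
    object_owner  => '%',
    object_name   => '%',
    enabled       => DBMS_MACUTL.G_YES);

  -- Command rule on DROP TABLE for the HR schema, tied to the default
  -- "Disabled" rule set, which always evaluates to false.
  DBMS_MACADM.CREATE_COMMAND_RULE(
    command       => 'DROP TABLE',
    rule_set_name => 'Disabled',
    object_owner  => 'HR',
    object_name   => '%',
    enabled       => DBMS_MACUTL.G_YES);
END;
/

-- Review the command rules now in force.
SELECT command, rule_set_name, object_owner, object_name, enabled
FROM   dvsys.dba_dv_command_rule
WHERE  rule_set_name IN ('HR trusted path', 'Disabled')
ORDER  BY command;
```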

TABLE 3. ORACLE DATABASE VAULT PROTECTION FOR ENTERPRISE APPLICATIONS

Columns: Application; Application-Specific Protection Policy Available?

» Oracle Fusion Applications
» Oracle E-Business Suite
» Oracle PeopleSoft
» Oracle JD Edwards Enterprise One
» Oracle Siebel
» Oracle Retail Applications
» Oracle Financial Services
» Oracle Utilities Applications
» Oracle Primavera
» Oracle Enterprise Taxation Management
» SAP Applications running Netweaver 7.0 and higher (ERP, CRM, PLM, SCM, SRM, BW, etc.)
» Finacle from Infosys

Policies for Oracle Applications are available through Oracle Support, or through the Oracle Technology Network and the partner support portals. The policies can also be used as blueprints for designing policies to protect custom applications. The Oracle Database Security team continues to work with Oracle Application groups as well as with partners to provide out-of-the-box policies for additional applications.

Monitoring Oracle Database Vault

Oracle Database Vault Reports can show SQL statements blocked by Oracle Database Vault, and any security policy changes made by an Oracle Database Vault administrator. For example, if a DBA attempts to access data in an application table protected by a realm, Oracle Database Vault prevents that access and creates an audit record for the incident that can be viewed using the Realm Audit Report. Oracle Database Vault reports can also be used to track security administrators' actions and show any changes to Oracle Database Vault configuration. For Privilege Analysis, out-of-the-box views provide an overview of the run-time analysis and provide insight into the used and unused privileges and roles.

Oracle Database Vault specific reports are available out-of-the-box through Oracle Enterprise Manager Cloud Control 12c, or through Oracle Audit Vault and Database Firewall.
In addition to aggregating and reporting on Oracle Database Vault audit events, Oracle Audit Vault and Database Firewall provides a comprehensive overview of activity that includes SQL statements on the network, as well as audit data generated by Oracle and non-Oracle databases, operating systems, and directories.

Deployment and Operational Simplicity

Oracle Database Vault comes installed by default with Oracle Database 12c and can be enabled on the command line. Once enabled, the Oracle database simply needs to be restarted for Oracle Database Vault controls to be in effect. No installation of additional software or re-linking of the Oracle database executable is needed.

Oracle Database Vault enforcement remains with the database even when the database files are exported or restored to a different Oracle home environment. Oracle Database Vault can be deployed with Oracle's Maximum Availability Architecture, including Oracle RAC and Oracle Data Guard.

Oracle Database Vault protects application data while keeping the DBA fully operational. DBAs can do their regular duties like tuning, backup and recovery as usual. However, Oracle Database Vault does enforce discipline when it comes to administering protected sensitive data. DBAs need authorization before they can export, import or move protected sensitive data. For more details, please refer to the white paper "DBA Administrative Best Practices with Oracle Database Vault", available from the Oracle Database Vault page on the Oracle Technology Network website.

Oracle Database Vault is enforced inside the Oracle Database kernel, providing unparalleled security and very low performance overhead, and is transparent to the performance profile of existing applications. Production customers running Oracle Database Vault on major applications have reported no change in their application response time.

Conclusion

Oracle Database Vault creates a robust foundation for secure database operations and application deployment. It protects against internal and external threats targeting intellectual property, privacy-related data, and application data. Controls can be pre-configured and enabled to meet increased security requirements. Oracle Database Vault provides support for consolidation and cloud computing, and can be deployed seamlessly with Oracle Exadata and the Oracle Multitenant Database option. Oracle Database Vault preventive controls are designed to be transparent to existing applications and adaptive to existing database administration processes.

Oracle Corporation, World Headquarters, 500 Oracle Parkway, Redwood Shores, CA 94065, USA. Copyright 2015, Oracle and/or its affiliates. All rights reserved.