Private Clouds: Opportunity to Improve Data Security and Lower Costs. InfoTRAMS Thematic Fusion: Databases, Career and Personal Devices at Work


Private Clouds: Opportunity to Improve Data Security and Lower Costs
Michał Jerzy Kostrzewa (Michal.Kostrzewa@Oracle.com), ECE Business Development Manager

Agenda
- Challenges of Securing Data Today
- Data Security in Cloud Environments
- Private v. Public Clouds
- Securing Database Clouds
- Q&A

Easy to Lose Track of Sensitive Data in Traditional Computing Environments
- Silos of dedicated hardware and software for each application
- Organizations typically unsure which silos contain sensitive data
- Securing every silo is too costly and complex
- Organizations typically protect the only shared resource: the network
- Data and database infrastructure vulnerable to attack from within the network perimeter

Data and Databases Vulnerable
The 2010 IOUG Data Security Report (survey finding, followed by the resulting exposure):
- 28% uniformly encrypt sensitive data in all databases. Data can be read/tampered with by any system user or admin with access to database files or storage.
- 24% can prevent privileged database users from reading/modifying data. Data can be accessed by DBAs or anyone with privileged database user credentials.
- 44% allow database users to access data directly. Users can by-pass application security policies to read or modify data directly within database.
- 68% can not detect if database users are abusing privileges. Database users can perform unauthorized activities undetected.
- 66% not sure if applications subject to SQL injection. Data can be manipulated by hackers who compromise applications.
- 48% copy sensitive production data to non-production environments. Data can be accessed by developers, testers, etc.

Over 900M (92%) Breached Records from Compromised Database Servers
2010 Data Breach Investigations Report:
- 48% involved privilege misuse
- 40% resulted from hacking
- 38% utilized malware
- 28% employed social tactics
- 15% comprised physical attacks

Cloud Computing Environments Allow Securing Sensitive Data Efficiently
- Clouds are shared pools of standardized computing resources
- Oracle Exadata is a pre-integrated, highly optimized Database Cloud platform that maximizes ROI
- All data now managed in the Database Cloud: securing Database Clouds is not optional!
- Securing Database Clouds results in efficient and consistent protection for all data
- Database Clouds enable better security at lower cost and complexity

Exadata and Exalogic: Extreme Performance, Engineered Systems
- Database and middle tier machines
- Unmatched performance, simplified deployment, lower total cost
- Building blocks for private and public PaaS

Oracle Exadata: Extreme Performance

Faster Than DW Appliances
- Faster query throughput
- Fastest disk throughput
- Much faster with Flash
[Chart: Query Throughput, GB/sec, Uncompressed Data, Single Rack. Systems compared: Teradata 2650, Netezza TwinFin 12, Exadata (Flash and Disk)]

More Bandwidth than High-End Arrays
- Storage arrays can't deliver disk bandwidth
- No extra bandwidth from Flash
- No CPU offload
- No Columnar Compression
- No InfiniBand
[Chart: Storage Data Bandwidth (Uncompressed GB/sec). Systems compared: IBM XIV, NetApp 6080, IBM DS8700, Hitachi USP V, EMC VMAX, Exadata (Flash and Disk)]

More Data Capacity
- More disk drives/rack
- Larger disk drives
- Much better compression
[Chart: Systems with Equal User Data, All with Largest Disks, Best Compression. Systems compared: Teradata 2650, EMC VMAX, Netezza TwinFin 12, Exadata]

Oracle Exalogic: Extreme Performance
- Internet Applications: 12X improvement. Over 1 Million HTTP Requests/Sec. Facebook's Web Traffic on 2 Full Racks
- Messaging Applications: 4.5X improvement. Over 1.8 Million Messages/Sec. All Chinese Rail Ticketing on 1 Rack
- Database Applications: 1.4X improvement. Almost 2 million JPA Operations/Sec. All E-Bay Product Searches on 1/2 Rack
[Charts: Alternative vs. Exalogic for each application type]

Biggest Barrier to Cloud Computing Adoption? Security!
74% rate cloud security issues as very significant (Source: IDC)

The Reality of Cloud Computing
Cloud Computing Often Confused with Outsourcing
Public Clouds
- Cloud operated by a vendor
- Security (and compliance??) becomes outsourced
- Not an option for certain organizations, industries
Private Clouds
- Evolution of IT Services
- Still responsible for ensuring security and compliance
- Cost-effective option to protect data for all organizations!

Securing Database Clouds: Defense In Depth
- Prevent access by non-database users
- Increase database user identity assurance
- Control access to data within database
- Audit database activity
- Monitor database traffic and prevent threats from reaching the database
- Ensure database production environment is secure and prevent drift
- Remove sensitive data from non-production environments
Copyright 2010, Oracle. All rights reserved

Oracle Advanced Security: Protect Data from Unauthorized Users
[Diagram labels: Disk, Backups, Application, Exports, Off-Site Facilities]
- Complete encryption for application data at rest to prevent direct access to data stored in database files, on tape, exports, etc. by IT Staff/OS users
- Efficient application data encryption without application changes
- Built-in two-tier key management for SoD with support for centralized key management using HSM/KMS
- Strong authentication of database users for greater identity assurance

Oracle Database Vault: Enforce Security Policies Inside the Database
[Diagram labels: Security DBA, Application DBA, DBA; Procurement, HR, Finance; query shown: select * from finance.customers]
- Automatic and customizable DBA separation of duties and protective realms
- Enforce who, where, when, and how using rules and factors
- Enforce least privilege for privileged database users
- Prevent application by-pass and enforce enterprise data governance
- Securely consolidate application data or enable multi-tenant data management

Oracle Audit Vault: Audit Database Activity in Real-Time
[Diagram labels: Databases (HR Data, CRM Data, ERP Data), Audit Data, Policies, Alerts, Built-in Reports, Custom Reports, Auditor]
- Consolidate database audit trail into secure centralized repository
- Detect and alert on suspicious activities, including privileged users
- Out-of-the-box compliance reports for SOX, PCI, and other regulations, e.g., privileged user audit, entitlements, failed logins, regulated data changes
- Streamline audits with report generation, notification, attestation, archiving, etc.

Oracle Total Recall: Track Changes to Sensitive Data
select salary from emp AS OF TIMESTAMP '02-MAY-09 12.00 AM' where emp.title = 'admin'
- Transparently track application data changes over time
- Efficient, tamper-resistant storage of archives in the database
- Real-time access to historical application data using SQL
- Simplified incident forensics and recovery

Oracle Database Firewall: First Line of Defense
[Diagram labels: Applications; Allow, Log, Alert, Substitute, Block; Policies, Alerts, Built-in Reports, Custom Reports]
- Monitor database activity to prevent unauthorized database access, SQL injections, privilege or role escalation, illegal access to sensitive data, etc.
- Highly accurate SQL grammar based analysis without costly false positives
- Flexible SQL level enforcement options based on white lists and black lists
- Scalable architecture provides enterprise performance in all deployment modes
- Built-in and custom compliance reports for SOX, PCI, and other regulations

Oracle Configuration Management: Secure Your Database Environment
[Diagram labels: Discover, Classify, Assess, Prioritize, Fix, Monitor; Asset Management, Policy Management, Vulnerability Management, Configuration Management & Audit, Analysis & Analytics]
- Discover and classify databases into policy groups
- Scan databases against 400+ best practices and industry standards, custom enterprise-specific configuration policies
- Detect and even prevent unauthorized database configuration changes
- Change management dashboards and compliance reports

Oracle Data Masking: Irreversibly De-Identify Data for Non-Production Use

Production
LAST_NAME    SSN          SALARY
AGUILAR      203-33-3234  40,000
BENSON       323-22-2943  60,000

Non-Production
LAST_NAME    SSN          SALARY
ANSKEKSL     111-23-1111  60,000
BKJHHEIEDK   222-34-1345  40,000

Data never leaves Database
- Make application data securely available in non-production environments
- Prevent application developers and testers from seeing production data
- Extensible template library and policies for data masking automation
- Referential integrity automatically preserved so applications continue to work

Oracle Database Defense In Depth: Solution Summary
- Oracle Advanced Security
- Oracle Identity Management
- Oracle Database Vault
- Oracle Label Security
- Oracle Audit Vault
- Oracle Total Recall
- Oracle Database Firewall
- Oracle Configuration Management
- Oracle Data Masking
Comprehensive. Transparent. Easy to Deploy. Proven!

Next Steps
- Protect sensitive data and database infrastructure ASAP!
- Database Clouds enable better security at lower cost and complexity
- Start evolving your existing IT infrastructure into a Private Cloud
- Secured Oracle Exadata servers provide the secure database cloud building block you need
- Securing your databases will allow you to outsource/take advantage of Public Clouds with less risk

For More Information
- oracle.com/database/security
- search.oracle.com: database security