Database Centric Information Security Speaker Name / Title
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle s products remains at the sole discretion of Oracle. 2
Agenda Database-Centric Information Security Database Security Oracle Database Security Solutions Defense-in-Depth Q&A 3
More data than ever Growth Doubles Yearly 1,800 Exabytes 2006 2011 Source: IDC, 2008 4
More breaches then ever Data Breach Once exposed, the data is out there the bell can t be un-rung PUBLICLY REPORTED DATA BREACHES 400 300 200 630% Increase Total Personally Identifying Information Records Exposed (Millions) 100 0 2005 2006 2007 2008 Source: DataLossDB, 2009 5
More threats than ever 6
More Regulations Than Ever UK/PRO PIPEDA Sarbanes-Oxley PCI Breach Disclosure HIPAA GLBA FISMA EU Data Directives Basel II K SOX Euro SOX ISO 17799 J SOX SAS 70 COBIT AUS/PRO 90% Companies behind in compliance Source: IT Policy Compliance Group, 2007. 7
Market Overview: IT Security In 2009 There has been a clear and significant shift from what was the widely recognized state of security just a few years ago. Protecting the organization's information assets is the top issue facing security programs: data security (90%) is most often cited as an important or very important issue for IT security organizations, followed by application security (86%). 8
Securing Data in Your Database Encryption Masking Classification Access Control Detection Activity Monitoring Change Tracking Discovery and Assessment Secure Configuration 9
Database Defense-in-Depth Monitoring Configuration Management Audit Vault Total Recall Access Control Database Vault Label Security Encryption & Masking Access Control Monitoring Encryption & Masking Advanced Security Secure Backup Data Masking 10
Database Defense-in-Depth Monitoring Configuration Management Audit Vault Total Recall Access Control Database Vault Label Security Encryption & Masking Access Control Monitoring Encryption & Masking Advanced Security Secure Backup Data Masking 11
Oracle Advanced Security Transparent Data Encryption Disk Backups Exports Application Off-Site Facilities Complete encryption for data at rest No application changes required Efficient encryption of all application data Built-in key lifecycle management 12
Oracle Advanced Security Network Encryption & Strong Authentication Standard-based encryption for data in transit Strong authentication of users and servers No infrastructure changes required Easy to implement 13
Oracle Secure Backup Integrated Tape or Cloud Backup Management Secure data archival to tape or cloud Easy to administer key management Fastest Oracle Database tape backups Leverage low-cost cloud storage 14
Oracle Data Masking Irreversible De-Identification Production LAST_NAME SSN SALARY AGUILAR 203-33-3234 40,000 BENSON 323-22-2943 60,000 Non-Production LAST_NAME SSN SALARY ANSKEKSL 111 23-1111 60,000 BKJHHEIEDK 222-34-1345 40,000 Remove sensitive data from non-production databases Referential integrity preserved so applications continue to work Sensitive data never leaves the database Extensible template library and policies for automation 15
Database Defense-in-Depth Monitoring Configuration Management Audit Vault Total Recall Access Control Database Vault Label Security Encryption & Masking Access Control Monitoring Encryption & Masking Advanced Security Secure Backup Data Masking 16
Oracle Database Vault Separation of Duties & Privileged User Controls Application Procurement HR Finance DBA select * from finance.customers DBA separation of duties Limit powers of privileged users Securely consolidate application data No application changes required 17
Oracle Database Vault Multi-Factor Access Control Policy Enforcement Procurement HR Application Rebates Protect application data and prevent application by-pass Enforce who, where, when, and how using rules and factors Out-of-the box policies for Oracle applications, customizable 18
Oracle Label Security Data Classification for Access Control Confidential Sensitive Transactions Confidential Report Data Public Reports Sensitive Classify users and data based on business drivers Database enforced row level access control Users classification through Oracle Identity Management Suite Classification labels can be factors in other policies 19
Database Defense-in-Depth Monitoring Configuration Management Audit Vault Total Recall Access Control Database Vault Label Security Encryption & Masking Access Control Monitoring Encryption & Masking Advanced Security Secure Backup Data Masking 20
Oracle Audit Vault Automated Activity Monitoring & Audit Reporting HR Data! Alerts CRM Data ERP Data Audit Data Built-in Reports Custom Reports Databases Policies Auditor Consolidate audit data into secure repository Detect and alert on suspicious activities Out-of-the box compliance reporting Centralized audit policy management
Oracle Total Recall Secure Change Tracking select salary from emp AS OF TIMESTAMP '02-MAY-09 12.00 AM where emp.title = admin Transparently track data changes Efficient, tamper-resistant storage of archives Real-time access to historical data Simplified forensics and error correction 22
Oracle Configuration Management Vulnerability Assessment & Secure Configuration Monitor Discover Classify Assess Prioritize Fix Monitor Asset Management Policy Management Vulnerability Management Configuration Management & Audit Analysis & Analytics Database discovery Continuous scanning against 375+ best practices and industry standards, extensible Detect and prevent unauthorized configuration changes Change management compliance reports 23
Database Defense-in-Depth Monitoring Configuration Management Audit Vault Total Recall Access Control Database Vault Label Security Encryption & Masking Access Control Monitoring Encryption & Masking Advanced Security Secure Backup Data Masking 24
Summary Transparent Integrated Comprehensive Cost-Effective 25
For More Information search.oracle.com database security or oracle.com/database/security
27