Reinforce your Oracle Database Security with Oracle Data Safe

Data Safe is a unified control center for your Oracle Databases which helps you understand the sensitivity of your data, evaluate risks to data, mask sensitive data, implement and monitor security controls, assess user security, monitor user activity, and address data security compliance requirements. Whether you’re using Oracle Autonomous Database or Oracle Database Cloud Service (Exadata, Virtual Machine, or Bare Metal)

If you are a paid subscriber to any cloud database on Oracle Cloud Infrastructure, you can use Data Safe without any additional cost

You can store up to 1 Million audit records per month on each target database at free of cost. If you exceed this limit, you may incur additional cost.

4i Apps has over 50 OCI and Oracle Database Cloud Certifications. By virtue of our experience in working with Oracle Cloud Deployments, we recommend the following Data Security practices as a best practice.

What is the need for Data Security Solution? 

Oracle Cloud provides extensive in-built security in terms of infrastructure and software provided.

However, in the cloud, security is a shared responsibility between the provider and the user, and users still have to manage some things such as:

Customers are responsible for managing the security of data such as user permissions, protecting sensitive data and setting up appropriate audit policies. Data Safe provides tools to help customers with their portion of security management.

Features of Oracle Data Safe

Overview

With the Data Safe console, you can:

• Assess if your database is securely configured
• Review and mitigate risks based on GDPR Articles/Recitals, Oracle Database STIG Rules, and CIS Benchmark recommendations
• Assess user risk by highlighting critical users, roles and privileges
• Configure audit policies and collect user activity to identify unusual behavior
• Discover sensitive data and understand where it is located
• Remove risk from non-production data sets by masking sensitive data

Database Security Assessment

Data Safe helps to ensure your databases are securely configured. You can create and maintain security baselines for the rapid identification of configuration risks and enforce consistent use of security controls across the enterprise.

It offers recommendations for remediation and helps you to comply with regulations such as GDPR, and compliance standards as STIG and CIS. It categorizes and prioritizes these risks so that you can decide which ones to address first.

Data Safe Security Assessment provides:

• Comprehensive assessment of security parameters, security controls in use, and user roles and privileges
• Actionable reports with prioritized recommendations

User Risk Assessment

Data Safe identifies which users present the highest risk, reviews privileges granted to those users, and shows you the user activity that has been captured for those users. Users with elevated privileges, who didn’t change passwords in a while or who have password policies that are relatively weak, are the common avenue for database compromise.

User Assessment remediate these risks by evaluating:

• Static profile information such as user type and password policies
• Dynamic profile information such as last login, IP address, password aging, and audit data

User Activity Auditing and Reporting

Data Safe can track database user activity and raise alerts on risky actions, a must-have requirement for many regulations. You can select from default audit policies for regular and privileged users, and use one of many out-of-the-box audit reports on various database activities. You can retain the audit data up to a year for forensics in case something went wrong. 

User Activity Auditing lets you:

• Provision audit, compliance, and alert policies
• Collect audit data from databases, and track sensitive operations
• View Audit Reports
  • Interactive reports for forensics
  • Summary and detailed reports
• Download PDF reports for compliance

Sensitive Data Discovery

Data Safe helps you to discover the amount and location of sensitive data across hundreds of columns spanning multiple schemas and tables. Customers can also add their own custom sensitive types easily. Once you get to know how much sensitive data you have and where it resides, it is easier to assess the risk and protect that data.

Sensitive Data Discovery comes with 125+ pre-defined sensitive data types:

Data Masking

Copying production data for non-production purposes proliferates sensitive data, expands the security and compliance boundary, and increases the likelihood of data breaches. If this left unprotected, non-authorized users might access the data and possibly move it across locations.

Data Safe can mask data in your non-production environments while maintaining complex data relationships. Data Safe minimizes the amount of personal data and allows internal test, development, and analytics teams to operate with reduced risk.

Data Masking provides:

Data Safe helps or enable customers in compliance regulations like GDPR and works with the following Oracle Cloud Database Services:

• Support for on-premises databases is currently available in a Limited Availability (LA) program.
• Similarly, support for Cloud at Customer databases is currently available in a Limited Availability (LA) program.
• On-Premise or Cloud at Customer clients need to contact Oracle if they would like to participate or if you would like more information.

Securing is getting easier with Oracle Data Safe

If you are using a cloud database on Oracle Cloud, getting started is as easy as the following

• Enable Data Safe with the click of a button in the Oracle Cloud Infrastructure.
• Register your target databases.
• Log on to the Oracle Data Safe console and start leveraging all Data Safe capabilities

Reference:

https://www.oracle.com/in/database/technologies/security/data-safe.html

Please contact our local representatives for further queries or email sales@4iapps.com

Author

Suresh Kumar M K, Senior Technical Architect expertise in Cloud Solutions. He is also specialized in Oracle EBS and Core Database solutions.