Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Best Practices for Implementing Database Security: Comprehensive Database Security
Saikat Saha, Product Director, Database Security, Oracle
October 02, 2017

Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.

Privacy & Security Regulations Increasing World-Wide
(Slide shows a world map of regulations: EU GDPR, PCI, NZPA, APP, APPI, Ch GDPL, HK PDPO, Si PDPA, Th OIA, Ru DPA, IT Act, SAECTA, MDPA, APDPL, CLPPL, Art. 5, CDPL, MPDPL, FOIPPA, PIPEDA, NY DFS 500, 48 state data privacy laws, Patriot Act, CIP, HIPAA, GLBA.)

Data Breaches are Exploding World-Wide
(Slide shows a timeline of breaches with record counts and dates as given on the slide:)
• Target: 98M, Dec '13
• Yahoo: 1B, Dec '16
• Friend Finder: 400M, Dec '16
• eBay: 150M, May '14
• Experian: 200M, Mar '14
• US Voters: 191M, Dec '15
• Adobe: 150M, Oct '13
• Home Depot: 56M, Sep '14
• JPMC: 76M, Oct '14
• Anthem: 80M, Feb '15
• Vodafone: 2M, Oct '13
• Cupid Media: 42M, Jan '13
• Sony: TBs of IP, Nov '14
• Orange: 2M, Feb/Apr '14
• Credit Bureau: 20M
• Telecom (S. Korea): 12M, Jan '14
• Benesse Education (Japan): 22M, Jul '14
• Kaspersky: espionage, Jun '15
• Hacking Team: 400GB IP theft, Jul '15
• Carphone Warehouse: 2.4M, Aug '15
• Talk Talk: 4M, Oct '15
• Turkish Govt: 50M, Apr '16
• VTech: 5M, Nov '15
• BSNL Telco: 30M
• Journal: Jul '15
• Kmart: Oct '15
• Premera Blue Cross: 11M, Mar '15
• Mexico Voter: 93M, Apr '16
• US Voter: 154M, Jun '16
• Ashley Madison: 32M, Jul '15
• US OPM: 22M, Jun '15
• T-Mobile: 15M, Oct '15
• Scottrade: 4.6M, Oct '15
• Philippines Voter list: 55M, Apr '16
• Debit cards: 3.2M, Oct '16
• Sabre: Mar '16
• CIA: Apr '17
• Edmodo: 77M, May '17
• Equifax: 143M, July '17

Data is Today's Capital
But in the Wrong Hands, Data Becomes the New Liability
• Data breaches are exploding world-wide
  – Databases continue to be the prime target
• Fast Evolving, Stringent Regulatory Landscape
  – Across industries and regions
  – Laws that aim to protect data and citizen privacy
• Data Security Strategy
  – Protect against multiple threat actors and multiple vectors
  – With built-in, comprehensive security controls
  – For on-premise and cloud databases

Changing Threat Landscape: Databases remain the Target
Threat Actors: Hackers, OS Admin, DBA, Test & Dev, End-Users, Support
Threat Vectors: XSS / Malware, SQL Injection, Stolen Credentials, Ransomware, Physical Theft, Privilege Escalation, Network Sniffing
Threat Targets: Middleware, Applications, Databases, Operating System, Network, Storage, Backup

Comprehensive Database Security Controls: Evaluate, Prevent, Detect, Data-Driven Security

Evaluate Security Risks

Evaluative Controls – Customer Use Cases

Global Oil Field Services Provider
Situation: Hundreds of databases distributed around the globe, scattered across dozens of acquired companies; no unified configuration standard
Solution: Oracle Database Security Assessment (DBSAT)
Result: Significant misconfigurations identified, leading to a single configuration standard being applied everywhere
Benefit: Reduced risk of breach and easier security audits against a well-defined standard

Very Large Semiconductor Manufacturer
Situation: Thousands of Oracle Databases managed by silos of administrators; no comprehensive picture of the databases' security posture
Solution: Continuous compliance monitoring with Oracle Enterprise Manager Database Lifecycle Management Pack
Result: Near-real-time alerts when any database configuration drift introduces security risk
Benefit: Reduced audit costs, improved security

Global Auto Manufacturer
Situation: Migrating SAP installation to a new infrastructure; desire to harden the deployment at the same time
Solution: Oracle Database Security Assessment (DBSAT)
Result: Discovered many security issues, including use of the default SAP application account configured for password-less login
Benefit: Potential production vulnerability avoided

US Insurance Provider
Situation: Dozens of production databases with no model of where sensitive data resides, making it difficult to apply suitable security policies and controls
Solution: Sensitive Data Discovery with Oracle DB Security
Result: 400+ columns of SSN & other sensitive data identified
Benefit: Ability to apply appropriate security controls on data

Prevent Data Compromise

Reducing the Risk from Malicious Users: Oracle Database Vault
• Separation of Duty
• Over Privileged Account
• Least Privilege
• Protect Sensitive Data
• Prevent Database Change
Minimize impact to applications, performance, high availability and operations

Oracle Advanced Security
(Diagram: Transparent Data Encryption keeps data encrypted on disks, in exports and in backups, shown as ciphertext such as "d$f8#;!90Wz@Yg#3" in encrypted storage; Data Redaction returns redacted data to applications.)

Oracle Advanced Security Transparent Data Encryption (TDE)
• Encrypts columns or entire tablespaces
• Protects the database files on disk and on backups
• High-speed performance
• Transparent to applications, no changes required
• Integrated with Oracle DB technologies
(Diagram: applications see clear data; disks, exports, backups and off-site facilities hold only encrypted data.)

TDE Integration with Oracle Database
Database technology: example points of integration (TDE support column on the slide)
• High-Availability Clusters: Oracle Real Application Clusters (RAC), Data Guard, Active Data Guard
• Backup and Restore: Oracle Recovery Manager (RMAN), Oracle Secure Backup
• Export and Import: Oracle Data Pump Export and Import
• Database Replication: Oracle GoldenGate
• Pluggable Databases: Oracle Multitenant Option
• Engineered Systems: Oracle Exadata Smart Scans
• Storage Management: Oracle Automatic Storage Management (ASM)
• Data Compression: Oracle Standard, Advanced, and Hybrid Columnar Compression

Oracle Key Vault – Centralized Key Management
(Diagram: Oracle Key Vault serves Oracle Wallet upload and download, the Oracle Database online master key, ASM storage nodes and ASM Cluster File Systems with an (encrypted) online master key, credential file upload and download, Java keystore upload and download, MySQL keys, and Solaris Crypto keys.)

Preventive Controls – Customer Use Cases

Consumer Goods Manufacturer
Situation: Fourteen independent operating units consolidating different Oracle eBusiness Suite (EBS) instances; requirement to support migration and test
Solution: Data Masking with eBusiness Suite templates
Result: Substantial reduction in risk (and risk-mitigation costs) by removing sensitive data from non-production systems
Benefit: Initial consolidation of three business units was accomplished in the first year

European Government Ministry
Situation: Hortonworks Hadoop with sensitive/classified information
Solution: BigData SQL, Oracle Data Redaction and Virtual Private Database (VPD) across Oracle DB and Hadoop
Result: Ability to restrict user access to sensitive data in the data lake
Benefit: Data from a single big data repository can be shared among agencies while maintaining adherence to data classification policies

Diversified Telecommunications Company
Situation: Board of Directors mandate to encrypt databases for critical applications by end of 2017
Solution: Transparent Data Encryption with Oracle Key Vault
Result: Encrypted 50 databases containing sensitive customer data
Benefit: Information protection throughout the data lifecycle at scale with automated key management

Top Global Bank
Situation: 1,000s of databases; a recent breach led to evaluation of security practices, and how they could be improved
Solution: Transparent Data Encryption and Oracle Database Vault
Result: Most databases encrypted within the first year. Database Vault security realms protect data from privileged accounts
Benefit: Confidentiality of data throughout the data lifecycle and protection from data loss from stolen privileged user credentials

Detect Anomalies, Support Investigations

Monitor and Audit Enterprise Databases
(Diagram: Database Firewall captures network events; audit data and event logs feed Audit Vault; Audit Vault sends security alerts to a SIEM and provides reports, alerts and ad-hoc queries for the security analyst.)

Detective Controls – Customer Use Cases

Multinational Semiconductor Company
Situation: 100s of production databases containing sensitive IP; need to monitor for potential attacks and support compliance audits
Solution: Oracle Audit Vault and Database Firewall
Result: 200+ databases monitored within 3 months with regular reporting of audit information
Benefit: Improved visibility and reporting for regulatory audits

Consumer Credit Reporting Company
Situation: Need to comply with PCI DSS, SOX and GLBA
Solution: Oracle Database Firewall
Result: Monitoring of peak loads of 10k transactions/sec while maintaining database performance
Benefit: Improved database traffic visibility

National Health Ministry
Situation: Public health record system; requirement for bank-strength security features
Solution: Oracle Database Firewall
Result: Monitoring access to health records in multivendor systems (Oracle MySQL, Sybase, IBM, MS SQL Server) to detect suspicious or inappropriate behavior
Benefit: Improved posture for this patient "opt-in" service

North American Retailer
Situation: Heterogeneous DB environment supporting over 700 stores in US, Canada, Japan, Australia and Mexico; requirement to comply with complex world-wide privacy regulations
Solution: Oracle Audit Vault and Database Firewall
Result: Monitor over 400 databases (Oracle, IBM DB2, Microsoft SQL Server) with daily activity reporting from audit logs
Benefit: Improved security and streamlined compliance reporting

Data-Driven Access Control
(Slide shows a table of users with country and department:)
Name     Country  Department
Russ     DE       HR
Franck   FR       Marketing
Paolo    SP       Consulting
Luca     IT       Corporate
Karen    NE       Sales
Bob      US       Eng
Mary     US       Eng
Jim      CA       Eng
Leslie   MX       Eng

Data-Driven Security Controls – Customer Use Cases

US Healthcare Provider
Situation: Consolidated patient data; HIPAA/HITRUST requirement for patient consent prior to data sharing
Solution: Oracle Label Security
Result: Enforcement of data access based on labels indicating patient consent status
Benefit: Compliance with HITRUST requirements with minimal system modifications

Large Asset Management Company
Situation: Hundreds of business analysts needing access to raw data, but not access to certain sensitive data elements
Solution: Virtual Private Database
Result: Column-level access controlled by data values
Benefit: Analysts were able to access data objects without risk of proliferation of sensitive data

Electric Utility Service Provider
Situation: Securing multiple departmental applications from accessing billing/utility data from diverse sources
Solution: Real Application Security data realms/columns
Result: Applications leverage common data access policy enforcement at the database
Benefit: Cost savings; no per-application access controls

Defense/Commercial Manufacturer
Situation: Managing data for both commercial and government customers; US ITAR regulations
Solution: Oracle Label Security
Result: Ability to comply with ITAR requirements for data using existing information systems
Benefit: Reduced systems and management costs
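As an added example (not from the slides), the following Oracle Virtual Private Database policy applies the data-driven control shown on the Data-Driven Access Control slide and in the asset-management use case above: rows are tied to a country value, DML is limited to the caller's own region, and a sensitive column is masked by data value on SELECT. The schema HR_APP, users SEC_ADMIN, HR_DE and HR_US, the USER_REGION mapping table and the SALARY column are assumptions for this example.

```sql
-- Constructed sample data: the name / country / department rows from the slide,
-- plus a hypothetical SALARY column to act as the sensitive data element.
-- Schema HR_APP, users SEC_ADMIN / HR_DE / HR_US and table USER_REGION are
-- assumptions; run as a user with EXECUTE on DBMS_RLS (e.g. the security admin).
CREATE TABLE hr_app.employees (
  emp_name   VARCHAR2(30),
  country    VARCHAR2(2),
  department VARCHAR2(30),
  salary     NUMBER
);
INSERT INTO hr_app.employees VALUES ('Russ',   'DE', 'HR',         62000);
INSERT INTO hr_app.employees VALUES ('Franck', 'FR', 'Marketing',  58000);
INSERT INTO hr_app.employees VALUES ('Paolo',  'SP', 'Consulting', 71000);
INSERT INTO hr_app.employees VALUES ('Luca',   'IT', 'Corporate',  66000);
INSERT INTO hr_app.employees VALUES ('Karen',  'NE', 'Sales',      55000);
INSERT INTO hr_app.employees VALUES ('Bob',    'US', 'Eng',        90000);
INSERT INTO hr_app.employees VALUES ('Mary',   'US', 'Eng',        92000);
INSERT INTO hr_app.employees VALUES ('Jim',    'CA', 'Eng',        84000);
INSERT INTO hr_app.employees VALUES ('Leslie', 'MX', 'Eng',        60000);

-- Data-driven mapping: which database user may work with which country's rows.
CREATE TABLE hr_app.user_region (db_user VARCHAR2(30), country VARCHAR2(2));
INSERT INTO hr_app.user_region VALUES ('HR_DE', 'DE');
INSERT INTO hr_app.user_region VALUES ('HR_US', 'US');
COMMIT;

-- Policy function (standard VPD signature; p_schema / p_object are unused here).
-- The database appends the returned predicate to statements on the protected table.
CREATE OR REPLACE FUNCTION hr_app.country_rows (
  p_schema IN VARCHAR2, p_object IN VARCHAR2) RETURN VARCHAR2 AS
  v_user VARCHAR2(30) := SYS_CONTEXT('USERENV', 'SESSION_USER');
  v_list VARCHAR2(4000);
BEGIN
  IF v_user = 'SEC_ADMIN' THEN
    RETURN '';                      -- empty predicate: security admin is unrestricted
  END IF;
  -- Build a literal list of the caller's permitted country codes inside the
  -- definer's-rights function, so the caller needs no privilege on USER_REGION.
  SELECT LISTAGG('''' || country || '''', ',') WITHIN GROUP (ORDER BY country)
    INTO v_list
    FROM hr_app.user_region
   WHERE db_user = v_user;
  IF v_list IS NULL THEN
    RETURN '1 = 0';                 -- unmapped user: no rows writable, all salaries masked
  END IF;
  RETURN 'country IN (' || v_list || ')';
END;
/

BEGIN
  -- Row-level policy on DML only: a user can insert, update or delete rows
  -- solely in their own region; UPDATE_CHECK also rejects writes that would
  -- move a row outside the permitted countries.
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'HR_APP',
    object_name     => 'EMPLOYEES',
    policy_name     => 'EMP_COUNTRY_DML',
    function_schema => 'HR_APP',
    policy_function => 'COUNTRY_ROWS',
    statement_types => 'INSERT,UPDATE,DELETE',
    update_check    => TRUE);

  -- Column-masking policy on SELECT: every row is still returned (directory
  -- data stays usable), but SALARY is NULL for rows outside the caller's region.
  -- The policy only fires for queries that reference the SALARY column.
  DBMS_RLS.ADD_POLICY(
    object_schema         => 'HR_APP',
    object_name           => 'EMPLOYEES',
    policy_name           => 'EMP_SALARY_MASK',
    function_schema       => 'HR_APP',
    policy_function       => 'COUNTRY_ROWS',
    statement_types       => 'SELECT',
    sec_relevant_cols     => 'SALARY',
    sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS);
END;
/

-- Check, connected as HR_DE: nine rows, SALARY populated only for country = 'DE'.
-- Connected as SEC_ADMIN nothing is masked; an unmapped user sees NULL salaries.
SELECT emp_name, country, department, salary FROM hr_app.employees ORDER BY emp_name;
```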

Comprehensive Database Security Controls: Evaluate, Prevent, Detect, Data-Driven Security

Comprehensive Database Security Controls: Defense in Depth Security
EVALUATE: Security Configuration, Sensitive Data Discovery, Privilege Analysis, Security Assessment
PREVENT: Data Encryption, Key Management, Crypto Toolkit for Applications, DBA & Operation Controls, Data Redaction, Data Masking and Subsetting
DETECT: Database Auditing, Database Firewall, Centralized Monitoring, Alerting & Reporting
DATA DRIVEN SECURITY: Row Level Security, Real Application Security, Label based Security
Defense in depth Security
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
SECURITY
INSIDE-OUT
Security close to the data: Eliminates guesswork,
maximizes performance, application transparency
ENTERPRISE
DEPLOYMENTS
Across multiple systems: Operating systems,
heterogeneous databases, applications, Cloud, …
Oracle Database Security Strategy
DEFENSE-IN-DEPTH
SECURITY CONTROLS
Overlapping controls: Encryption, masking, auditing,
monitoring, access control, redaction, …
ANTICIPATE THREATS
& MITIGATE
Transparent Data Encryption, DBA Control, Redaction,
Masking, Privilege Analysis, DB Firewall, RAS, Cloud, …
24

Safe Harbor Statement
The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 

Recently uploaded (20)

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 

Best Practices for implementing Database Security Comprehensive Database Security

  • 1. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Best Practices for implementing Database Security – Comprehensive Database Security. Saikat Saha, Product Director, Database Security, Oracle. October 02, 2017
  • 2. Safe Harbor Statement. The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  • 3. Privacy & Security Regulations Increasing World-Wide (regulations shown on the world map): EU GDPR, PCI, NZPA, APP, APPI, Ch GDPL, HK PDPO, Si PDPA, Th OIA, Ru DPA, IT Act, SAECTA, MDPA, APDPL, CLPPL, Art. 5, CDPL, MPDPL, FOIPPA, PIPEDA, NY DFS 500, 48 State Data Privacy laws, Patriot Act, CIP, HIPAA, GLBA
  • 4. Data Breaches are Exploding World-Wide (breaches shown on the world map, with record counts and dates as labelled): 98M Target Dec ‘13; 1B Yahoo Dec ’16; 400M Friend Finder Dec ‘16; 150M eBay May ‘14; 200M Experian Mar ’14; US Voters 191M, Dec 15; 150M Adobe Oct ‘13; 56M Home Depot Sep ‘14; 76M JPMC Oct ‘14; 80M Anthem Feb ‘15; 2M Vodafone Oct ‘13; 42M Cupid Media Jan ’13; TBs IP Sony Nov ’14; 2M Orange Feb/Apr ‘14; 20M Credit Bureau; 12M Telecom S. Korea Jan ‘14; 22M Benesse Education Jul ‘14 Japan; Espionage Kaspersky Jun ‘15; 400GB IP Theft Hacking Team Jul ‘15; Carphone Warehouse Aug ’15 2.4M; 4M Talk Talk Oct 15; 50M Turkish Govt Apr ‘16; 5M VTech Nov ‘15; 30M BSNL Telco Journal Jul ‘15; Kmart Oct ‘15; 11M Premera Blue Cross Mar ‘15; 93M Mexico Voter Apr ‘16; 154M US Voter Jun ‘16; 32M Ashley Madison Jul ’15; US OPM, 22M Jun ’15; 15M T-Mobile Oct ’15; 4.6M Scottrade Oct ’15; 55M Philippines Voter list Apr ‘16; 3.2M Debit cards Oct ‘16; Sabre Mar ‘16; CIA Apr ‘17; 77M Edmodo May ‘17; 143M Equifax July ‘17
  • 5. Data is Today’s Capital – But in the Wrong Hands, Data Becomes the New Liability
    – Data breaches are exploding world-wide: databases continue to be the prime target
    – Fast evolving, stringent regulatory landscape: across industries and regions; laws that aim to protect data and citizen privacy
    – Data security strategy: protect against multiple threat actors and multiple vectors, with built-in, comprehensive security controls, for on-premise and cloud databases
  • 6. Changing Threat Landscape – Databases remain the Target
    – Threat Actors: Hackers, OS Admin, DBA, Test & Dev, End-Users, Support
    – Threat Vectors: XSS / Malware, SQL Injection, Stolen Credentials, Ransomware, Physical Theft, Privilege Escalation, Network Sniffing
    – Threat Targets: Middleware, Applications, Databases, Operating System, Network, Storage, Backup
  • 7. Comprehensive Database Security Controls: Evaluate, Prevent, Detect, Data Driven Security
  • 8. Evaluate Security Risks
  • 9. Evaluative Controls – Customer Use Cases
    Global Oil Field Services Provider
    – Situation: Hundreds of databases distributed around the globe, scattered across dozens of acquired companies; no unified configuration standard
    – Solution: Oracle Database Security Assessment (DBSAT)
    – Result: Significant misconfigurations identified, leading to a single configuration standard being applied everywhere
    – Benefit: Reduced risk of breach and easier security audits against a well-defined standard
    Very Large Semiconductor Manufacturer
    – Situation: Thousands of Oracle Databases managed by silos of administrators; no comprehensive picture of databases’ security posture
    – Solution: Continuous compliance monitoring with Oracle Enterprise Manager Database Lifecycle Management Pack
    – Result: Near-real time alerts when any database configuration drift introduces security risk
    – Benefit: Reduced audit costs, improved security
    Global Auto Manufacturer
    – Situation: Migrating SAP installation to a new infrastructure; desire to harden deployment at the same time
    – Solution: Oracle Database Security Assessment (DBSAT)
    – Result: Discovered many security issues including use of default SAP application account configured for password-less login
    – Benefit: Potential production vulnerability avoided
    US Insurance Provider
    – Situation: Dozens of production databases with no model of where sensitive data resides, making it difficult to apply suitable security policies and controls
    – Solution: Sensitive Data Discovery with Oracle DB Security
    – Result: 400+ columns of SSN & other sensitive data identified
    – Benefit: Ability to apply appropriate security controls on data
  • 10. Prevent Data Compromise
  • 11. Reducing the Risk from Malicious Users – Oracle Database Vault
    – Separation of Duty; Over Privileged Account; Least Privilege; Protect Sensitive Data; Prevent Database Change
    – Minimize impact to: Applications, Performance, High Availability, Operations
  • 12. Oracle Advanced Security
    – Transparent Data Encryption: encrypted storage for disks, exports and backups (shown as ciphertext d$f8#;!90Wz@Yg#3)
    – Data Redaction: redacted data presented to applications
  • 13. Oracle Advanced Security – Transparent Data Encryption (TDE)
    – Encrypts columns or entire tablespaces
    – Protects the database files on disk and on backups
    – High-speed performance
    – Transparent to applications, no changes required
    – Integrated with Oracle DB technologies
    (Diagram: applications see clear data; disks, exports, backups and off-site facilities hold encrypted data, shown as d$f8#; !90Wz Yg#3R qR+% @Ue#3 R+%K# *HH$7 #9Vlka)
  • 14. TDE Integration with Oracle Database – Database Technologies and Example Points of Integration / TDE Support
    – High-Availability Clusters: Oracle Real Application Clusters (RAC), Data Guard, Active Data Guard
    – Backup and Restore: Oracle Recovery Manager (RMAN), Oracle Secure Backup
    – Export and Import: Oracle Data Pump Export and Import
    – Database Replication: Oracle Golden Gate
    – Pluggable Databases: Oracle Multitenant Option
    – Engineered Systems: Oracle Exadata Smart Scans
    – Storage Management: Oracle Automatic Storage Management (ASM)
    – Data Compression: Oracle Standard, Advanced, and Hybrid Columnar Compression
  • 15. Oracle Key Vault – Centralized Key Management (endpoints shown): Oracle Wallet Upload & Download; Oracle Database Online Master Key; ASM Storage Nodes; ASM Cluster File Systems (Encrypted) Online Master Key; Credential File Upload & Download; Java Keystore Upload & Download; MySQL Keys; Solaris Crypto Keys
  • 16. Preventive Controls – Customer Use Cases
    Consumer Goods Manufacturer
    – Situation: Fourteen independent operating units consolidating different Oracle eBusiness Suite (EBS) instances; requirement to support migration and test
    – Solution: Data Masking with eBusiness Suite templates
    – Result: Substantial reduction in risk (and risk-mitigation costs) by removing sensitive data from non-production systems
    – Benefit: Initial consolidation of three business units was accomplished in the first year
    European Government Ministry
    – Situation: Hortonworks Hadoop with sensitive/classified information
    – Solution: BigData SQL, Oracle Data Redaction and Virtual Private Database (VPD) across Oracle DB and Hadoop
    – Result: Ability to restrict user access to sensitive data in data lake
    – Benefit: Data from a single big data repository can be shared among agencies while maintaining adherence to data classification policies
    Diversified Telecommunications Company
    – Situation: Board of Directors mandate to encrypt databases for critical applications by end of 2017
    – Solution: Transparent Data Encryption with Oracle Key Vault
    – Result: Encrypted 50 databases containing sensitive customer data
    – Benefit: Information protection throughout data lifecycle at scale with automated key management
    Top Global Bank
    – Situation: 1,000s of databases; recent breach led to evaluation of security practices, and how they could be improved
    – Solution: Transparent Data Encryption and Oracle Database Vault
    – Result: Most databases encrypted within the first year. Database Vault security realms protect data from privileged accounts
    – Benefit: Confidentiality of data throughout the data lifecycle and protection from data loss from stolen privileged user credentials
  • 17. Detect Anomalies, Support Investigations
  • 18. Monitor and Audit Enterprise Databases (diagram labels): Audit Data, Event Logs; Network Events; Database Firewall; Audit Vault; Security Alerts; SIEM; Reports, Alerts; Ad-hoc queries; Security Analyst
  • 19. Detective Controls – Customer Use Cases
    Multinational Semiconductor Company
    – Situation: 100s of production databases containing sensitive IP; need to monitor for potential attacks and support compliance audits
    – Solution: Oracle Audit Vault and Database Firewall
    – Result: 200+ databases monitored within 3 months with regular reporting of audit information
    – Benefit: Improved visibility and reporting for regulatory audits
    Consumer Credit Reporting Company
    – Situation: Need to comply with PCI DSS, SOX and GLBA
    – Solution: Oracle Database Firewall
    – Result: Monitoring of peak loads of 10k transactions/sec while maintaining database performance
    – Benefit: Improved database traffic visibility
    National Health Ministry
    – Situation: Public health record system; requirement for bank-strength security features
    – Solution: Oracle Database Firewall
    – Result: Monitoring access to health records in multivendor systems (Oracle MySQL, Sybase, IBM, MS SQL Server) to detect suspicious or inappropriate behavior
    – Benefit: Improved posture for this patient “opt-in” service
    North American Retailer
    – Situation: Heterogeneous DB environment supporting over 700 stores in US, Canada, Japan, Australia and Mexico; requirement to comply with complex world-wide privacy regulations
    – Solution: Oracle Audit Vault and Database Firewall
    – Result: Monitor over 400 databases (Oracle, IBM DB2, Microsoft SQL Server) with daily activity reporting from audit logs
    – Benefit: Improved security and streamlined compliance reporting
  • 20. Data-Driven Access Control (illustrative users, with country and department): Russ, DE, HR; Franck, FR, Marketing; Paolo, SP, Consulting; Luca, IT, Corporate; Karen, NE, Sales; Bob, US, Eng; Mary, US, Eng; Jim, CA, Eng; Leslie, MX, Eng
  • 21. Data-Driven Security Controls – Customer Use Cases
    US Healthcare Provider
    – Situation: Consolidated patient data; HIPAA/HITRUST requirement for patient consent prior to data sharing
    – Solution: Oracle Label Security
    – Result: Enforcement of data access based on labels indicating patient consent status
    – Benefit: Compliance with HITRUST requirements with minimal system modifications
    Large Asset Management Company
    – Situation: Hundreds of business analysts needing access to raw data, but not access to certain sensitive data elements
    – Solution: Virtual Private Database
    – Result: Column-level access controlled by data values
    – Benefit: Analysts were able to access data objects without risk of proliferation of sensitive data
    Electric Utility Service Provider
    – Situation: Securing multiple departmental applications from accessing Billing/utility data from diverse sources
    – Solution: Real Application Security data realms/columns
    – Result: Applications leverage common data access policy enforcement at database
    – Benefit: Cost savings; no access controls per application
    Defense/Commercial Manufacturer
    – Situation: Managing data for both commercial and government customers; US ITAR regulations
    – Solution: Oracle Label Security
    – Result: Ability to comply with ITAR requirements for data using existing information systems
    – Benefit: Reduced systems and management costs
  • 22. Comprehensive Database Security Controls: Evaluate, Prevent, Detect, Data Driven Security
  • 23. Comprehensive Database Security Controls – Defense in depth Security
    – EVALUATE: Security Configuration; Sensitive Data Discovery; Privilege Analysis; Security Assessment
    – PREVENT: Data Encryption; Key Management; Data Redaction; Data Masking and Subsetting; DBA & Operation Controls; Crypto Toolkit for Applications
    – DETECT: Database Auditing; Database Firewall; Centralized Monitoring; Alerting & Reporting
    – DATA DRIVEN SECURITY: Row Level Security; Real Application Security; Label based Security
  • 24. Oracle Database Security Strategy
    – SECURITY INSIDE-OUT – Security close to the data: eliminates guesswork, maximizes performance, application transparency
    – ENTERPRISE DEPLOYMENTS – Across multiple systems: operating systems, heterogeneous databases, applications, Cloud, …
    – DEFENSE-IN-DEPTH SECURITY CONTROLS – Overlapping controls: encryption, masking, auditing, monitoring, access control, redaction, …
    – ANTICIPATE THREATS & MITIGATE – Transparent Data Encryption, DBA Control, Redaction, Masking, Privilege Analysis, DB Firewall, RAS, Cloud, …
  • 25. Safe Harbor Statement. The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
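The TDE and Data Redaction controls named on slides 12 and 13 are feature lists; the SQL below is an added example written for this page (not material from the deck or from Oracle) that shows what configuring them looks like and, more importantly, the dictionary queries a reviewer runs to verify what is actually encrypted or redacted. The HR.EMPLOYEES table with an SSN column, the SECURE_TS tablespace, the datafile path, the HR_ADMIN account and an already created and opened TDE keystore are all assumptions.

```sql
-- Added example, not from the slides. Assumes Oracle Database 12c or later,
-- a TDE keystore already created and OPEN, a hypothetical HR.EMPLOYEES table
-- with an SSN column, and a hypothetical datafile path. Run as a DBA.

-- 0. Confirm the keystore is open first: with it closed, TDE can neither
--    encrypt new data nor read data that is already encrypted.
SELECT wrl_type, wallet_type, status FROM v$encryption_wallet;

-- 1. Column-level TDE: only SSN is encrypted on disk, other columns stay in
--    the clear. Add NO SALT after the algorithm if the column is indexed,
--    because salted columns cannot be indexed.
ALTER TABLE hr.employees MODIFY (ssn ENCRYPT USING 'AES256');

-- 2. Tablespace-level TDE: every object placed here is encrypted at rest,
--    which also covers the datafile blocks copied by RMAN and Data Pump.
CREATE TABLESPACE secure_ts
  DATAFILE '/u01/app/oracle/oradata/ORCL/secure_ts01.dbf' SIZE 100M  -- hypothetical path
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

-- 3. Data Redaction: TDE protects bytes on disk, but a connected application
--    still receives clear text. This policy returns only the last four
--    digits of the SSN to every session except the hypothetical HR_ADMIN.
BEGIN
  DBMS_REDACT.ADD_POLICY(
    object_schema       => 'HR',
    object_name         => 'EMPLOYEES',
    policy_name         => 'redact_ssn',
    column_name         => 'SSN',
    function_type       => DBMS_REDACT.PARTIAL,
    -- input format, output format, mask character, first and last masked digit
    function_parameters => 'VVVFVVFVVVV,VVV-VV-VVVV,*,1,5',
    expression          => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') <> ''HR_ADMIN''');
END;
/

-- 4. Verification a security reviewer would run: which columns and
--    tablespaces are really encrypted, and with which algorithm.
SELECT owner, table_name, column_name, encryption_alg, salt
  FROM dba_encrypted_columns;

SELECT t.name AS tablespace_name, e.encryptionalg, e.encryptedts
  FROM v$encrypted_tablespaces e
  JOIN v$tablespace t ON t.ts# = e.ts#;

-- Redaction policies in force, so a masked column is not mistaken for an
-- encrypted one: redaction limits what users see, TDE limits what a stolen
-- disk or backup reveals, and the two address different threat vectors.
SELECT object_owner, object_name, policy_name, enable
  FROM redaction_policies;
```

Run the SELECT on HR.EMPLOYEES as an ordinary user and as HR_ADMIN to confirm the redaction expression behaves as intended before relying on it.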