5 Questions Your Business May Ask
1. Can we guarantee privacy of our customer data?
2. Have we suffered any breaches?
3. Do the DBAs know the financial results before the management?
4. Are we in compliance with all regulations?
5. Can we secure our existing applications?

How is Data Compromised?
Source: Verizon 2010 Data Breach Investigations Report

Typical current security architecture
[Diagram labels: database, application, data center]
• Sensitive information created & secured in the database
  • Backups are secured
  • Access to sensitive database tables controlled
• Information is transmitted securely to the application
  • Database to application
  • Server to client (application to browser)
• IDM technologies secure access to the application

Oracle Database Security: Defense-in-Depth
Encryption and Masking
• Oracle Advanced Security
• Oracle Secure Backup
• Oracle Data Masking
Access Control
• Oracle Database Vault
• Oracle Label Security
Auditing and Tracking
• Oracle Audit Vault
• Oracle Configuration Management
• Oracle Total Recall
Monitoring and Blocking
• Oracle Database Firewall

Oracle Database Vault
Enforce Security Policies Inside the Database
[Diagram labels: Security DBA, Procurement, Application DBA, Application, HR, Finance, DBA; query shown: select * from finance.customers]
• Automatic and customizable DBA separation of duties and protective realms
• Enforce who, where, when, and how using rules and factors
  • Enforce least privilege for privileged database users
  • Prevent application by-pass and enforce enterprise data governance
• Securely consolidate application data or enable multi-tenant data management

Oracle Data Masking
Irreversibly De-Identify Data for Non-Production Use

Production
LAST_NAME   SSN          SALARY
AGUILAR     203-33-3234  40,000
BENSON      323-22-2943  60,000

Non-Production
LAST_NAME   SSN          SALARY
ANSKEKSL    111-23-1111  60,000
BKJHHEIEDK  222-34-1345  40,000

Data never leaves Database
• Make application data securely available in non-production environments
• Prevent application developers and testers from seeing production data
• Extensible template library and policies for data masking automation
• Referential integrity automatically preserved so applications continue to work

You have secured the perimeters… but digital information is no respecter of perimeters!
[Diagram labels: Email, File system, SharePoint, Intranet/Extranet, Content Management]

Which perimeter are we talking about?
Many business processes involve external parties
[Diagram labels: Email, File system, SharePoint, Intranet/Extranet, Content Management]

Typical methods for securing desktops
[Diagram labels: OS access control, Prevent use of external services, Encrypt disk, Prevent use of external devices, Encrypt content (PGP), Monitor information flow (DLP)]
• Buying all these solutions is expensive
• What about partners, customers, suppliers?
• Massively restrict end users' ability to work
• Protect the content instead of location!

This User Doesn’t Have Rights to View
Even if stored on a local file system or external drive
Access can be revoked at any time

This User Only Has Read Access
No printing, editing or screen captures…
[Diagram label: Partner]
User can view document in MS Word, but take screenshot and paste…

Oracle Information Rights Management
Securing all copies of your sensitive information
[Diagram labels: Enterprise perimeters, Email, File systems, ECM, Intranet/extranet, Databases, Supplier, Customer, Partner, Oracle IRM Server]
• Everywhere IRM-encrypted content is stored, transmitted or used
  • NO ACCESS FOR UNAUTHORIZED USERS
  • Transparent, revocable access for authorized users
  • Centralized policy and auditing for widely distributed content
• Content security beyond the database, application and firewall

Oracle Security Inside Out
[Diagram labels: Information, Infrastructure, Databases, Applications, Content]
Database Security
• Encryption and Masking
• Privileged User Controls
• Multi-Factor Authorization
• Activity Monitoring and Audit
• Secure Configuration
Identity Management
• User Provisioning
• Role Management
• Entitlements Management
• Risk-Based Access Control
• Virtual Directories
Information Rights Management
• Document-level Access Control
• All copies, regardless of location (even beyond the firewall)
• Auditing and Revocation