Copyright © 2014 Oracle and/or its affiliates. All rights reserved.
Introducing Oracle Key Vault
Centralized Encryption Key Management
Key Management Challenges Heard from Customers
Management Challenges
• Proliferation of encryption wallets and keys
• Authorized sharing of keys
• Key availability, retention, and recovery
• Custody of keys and key storage files
Regulatory Challenges
• Physical separation of keys from encrypted data
• Periodic key rotations
• Monitoring and auditing of keys
• Long-term retention of keys and encrypted data
Regulatory Drivers
• 3.5 Store cryptographic keys in a secure form (3.5.2), in the fewest possible locations (3.5.3) and with access restricted to the fewest possible custodians (3.5.1)
• 3.6 Verify that key-management procedures are implemented for periodic key changes (3.6.4)
And more!
PCI DSS v3.0
November 2013
Key Management with Oracle Key Vault
• Centrally manage and share keys, secrets, Oracle wallets, Java keystores, and more
• Optimized for Oracle stack (Database, Middleware, Systems) and Advanced Security TDE
• Robust, secure, and standards compliant (OASIS KMIP) key manager
Oracle Key Vault High-Level Architecture
Diagram labels: Standby; Administration Console, Alerts, Reports; Secure Backups; Databases; Servers; Middleware
Diagram legend: Credential File, Oracle Wallet, Server Password, Java Keystore, Certificate
Oracle Advanced Security Transparent Data Encryption (TDE)
Oracle Wallet Scenarios
• Single Instance
• GoldenGate
• Multiple DBs, Same Machine
• RAC
• Data Guard
Oracle Advanced Security Transparent Data Encryption (TDE)
Direct Connection Scenarios
• Single Instance
• Multiple DBs, Same Machine
• RAC
• Data Guard
• GoldenGate
Enrolling and Provisioning Endpoints
1. One-time enrollment token
2. Endpoint package
3. Endpoint installation and configuration
4. Results: Endpoint certificate, binaries and configuration file
5. Grouping
Oracle Key Vault Software Appliance Platform
• Turnkey solution based on hardened stack
• Includes Oracle Database and security options
• Open x86-64 hardware to choose from
• Easy to install, configure, deploy, and patch
• Separation of duties for administrative users
• Full auditing, preconfigured reports, and alerts
All Items View with Search and Sort
Dashboard Summary of Operations
Dashboard Summary of Endpoint and User Activity
User Management and Separation of Duties
Quick Summary of Servers
Fine-Grained Server Details
Server Groups for Sharing Keys and Ease of Administration
Wallet Management
Reporting and Alerting
Summary of Oracle Key Vault
Modern, scalable, and robust key management
Secures, shares, and manages keys and secrets in the enterprise
Manages Oracle Wallets and Java Keystores
Optimized for Oracle Advanced Security TDE
Turnkey secure software appliance using Oracle technology
Open, based on industry standards
Engineered for the Oracle stack
Oracle Database Security Solutions
PREVENTIVE
• Masking & Subsetting
• Privileged User Controls
• Encryption & Redaction
DETECTIVE
• Activity Monitoring
• Database Firewall
• Auditing & Reporting
ADMINISTRATIVE
• Privilege & Data Discovery
• Configuration Management
• Key & Wallet Management
Questions?
Connect With Us
• oracle.com/database/security
• blogs.oracle.com/SecurityInsideOut
• blogs.oracle.com/KeyManagement
• Oracle Database Insider
• /OracleDatabase
• /OracleSecurity
• /Oracle/database
• /OracleLearning
Oracle Key Vault Overview
