<Insert Picture Here> Oracle Database Vault

Similar documents
Oracle Database Security Solutions

<Insert Picture Here> Oracle Database Security Overview

An Oracle White Paper June Oracle Database 11g: Cost-Effective Solutions for Security and Compliance

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Oracle Database 11g: Security. What you will learn:

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

Oracle Database Security

Securing Data in Oracle Database 12c

Securing Oracle E-Business Suite in the Cloud

Safeguard Sensitive Data in EBS: A Look at Oracle Database Vault, Transparent Data Encryption, and Data Masking. Lucy Feng

Oracle Database 11g: Security Release 2. Course Topics. Introduction to Database Security. Choosing Security Solutions

MySQL Security: Best Practices

D50323GC20 Oracle Database 11g: Security Release 2

Making Database Security an IT Security Priority

Oracle Database 11g: Security

Complete Database Security. Thomas Kyte

Real-Time Database Protection and. Overview IBM Corporation

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

Oracle Database Security. Paul Needham Senior Director, Product Management Database Security

Protecting Sensitive Data Reducing Risk with Oracle Database Security

An Oracle White Paper June Security and Compliance with Oracle Database 12c

An Oracle White Paper April Security and Compliance with Oracle Database 12c

Oracle 1Z0-528 Exam Questions & Answers

Oracle Database 11g: Security Release 2

Governance, Risk & Compliance for Public Sector

Obtaining Value from Your Database Activity Monitoring (DAM) Solution

Oracle Audit Vault and Database Firewall. Morana Kobal Butković Principal Sales Consultant Oracle Hrvatska

Data Security: Strategy and Tactics for Success

Hayri Tarhan, Sr. Manager, Public Sector Security, Oracle Ron Carovano, Manager, Business Development, F5 Networks

Oracle E-Business Suite APPS, SYSADMIN, and oracle Securing Generic Privileged Accounts. Stephen Kost Chief Technology Officer Integrigy Corporation

Hacking Oracle myths and facts. Michał Jerzy Kostrzewa EECIS Director Database Technologies

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Credit Cards and Oracle E-Business Suite Security and PCI Compliance Issues

Oracle Database 11g: Security

Database Security & Compliance with Audit Vault and Database Firewall. Pierre Leon Database Security

An Oracle White Paper July Security in Private Database Clouds

Developing Value from Oracle s Audit Vault For Auditors and IT Security Professionals

Enterprise Database Security & Monitoring: Guardium Overview

New Oracle 12c Security Features Oracle E-Business Suite Perspective

Encrypting Sensitive Data in Oracle E-Business Suite

Rebuilding Corporate Trust: GRC and IT Governance. Dražen Patarić Senior Sales Consultant

Database Security Questions HOUG Fehér Lajos. Copyright 2015, Oracle and/or its affiliates. All rights reserved.

Auditing Data Access Without Bringing Your Database To Its Knees

Oracle Database 11g Security Essentials

Enforcive / Enterprise Security

<Insert Picture Here> How to protect sensitive data, challenges & risks

ENCRYPTION KEY MANAGEMENT SIMPLIFIED A BEGINNER S GUIDE TO ENCRYPTION KEY MANAGEMENT

Oracle Audit Vault and Database Firewall

Efficient Key Management for Oracle Database 11g Release 2 Using Hardware Security Modules

Guardium Change Auditing System (CAS)

How To Ensure Financial Compliance

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

All Things Oracle Database Encryption

Oracle Database Cloud Services OGh DBA & Middleware Day

DMZ Gateways: Secret Weapons for Data Security

How To Secure A Database From A Leaky, Unsecured, And Unpatched Server

Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan

Oracle Database 10g: Security Release 2

Oracle EXAM - 1Z Oracle Database 11g Security Essentials. Buy Full Product.

mission critical applications mission critical security Internal Auditor Primer: Oracle E-Business Suite Security Risks Primer

Addressing Cyber Security in Oracle Utilities Applications

Oracle White Paper October Oracle Advanced Security with Oracle Database 11g Release 2

<Insert Picture Here> Managing Storage in Private Clouds with Oracle Cloud File System OOW 2011 presentation

APPLICATION COMPLIANCE AUDIT & ENFORCEMENT

McAfee Database Security. Dan Sarel, VP Database Security Products

Intro to QualysGuard IT Compliance SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

Managing Oracle E-Business Suite Security

The Weakest Link : Securing large, complex, global Oracle ebusiness Suite solutions

Vormetric Data Security

Oracle Privileged Account Manager 11gR2. Karsten Müller-Corbach

How to Audit the Top Ten E-Business Suite Security Risks

Oracle Database 12c Security and Compliance O R A C L E W H I T E P A P E R F E B R U A R Y

Trust but Verify: Best Practices for Monitoring Privileged Users

Data Privacy The Database Story Oded Raz, Co CEO & Co Founder of

IBM Tivoli Compliance Insight Manager

MySQL Strategy. Morten Andersen, MySQL Enterprise Sales. Copyright 2014 Oracle and/or its affiliates. All rights reserved.

Enabling Single Sign-On for Oracle Applications Oracle Applications Users Group PAGE 1

Database Security. Oracle Database 12c - New Features and Planning Now

Protecting Data Assets and Reducing Risk

PCI Compliance in Oracle E-Business Suite

Oracle Database Security Myths

Oracle Enterprise Manager 12c

Oracle Database Security

OTM Security in an Evolving Threat Landscape. Anoop Jangamakote Ryan Haney

Transcription:

<Insert Picture Here> Oracle Database Vault Kamal Tbeileh Senior Principal Product Manager, Database Security

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle s products remains at the sole discretion of Oracle. 2

Agenda Regulatory Compliance and Application Security Oracle Database Vault Overview Oracle Database Vault Protection for Applications PeopleSoft, E-Business Suite, Siebel, and more Where to go for more information Q&A 3

Application Data Security & Compliance Business Drivers Security Threats Identity Theft Industrial Espionage Insider Threats Data Consolidation Globalization Right Sourcing Compliance Mandates EU Directives SOX JSOX HIPAA Basel II PCI GLBA SB1386 4

Oracle7 Application Data Security & Compliance Continuous Innovation Oracle8i Oracle Database 9i Data Masking TDE Tablespace Encryption Oracle Total Recall Oracle Audit Vault Oracle Database Vault Transparent Data Encryption (TDE) Real Time Masking Secure Config Scanning Fine Grained Auditing Oracle Label Security Enterprise User Security Virtual Private Database (VPD) Database Encryption API Strong Authentication Native Network Encryption Database Auditing Government customer Oracle Database 10g Oracle Database 11g 5

Application Data Security & Compliance Defense-in-Depth Monitoring Configuration Management Audit Vault Total Recall Access Control Database Vault Label Security Encryption and Masking Advanced Security Secure Backup Data Masking 6

Application Data Security & Compliance Oracle Database Vault Controls on privileged users Restrict highly privileged users from application data Reports Provide Separation of Duty Security for database and information consolidation Real time access controls Control who, when, where and how data is accessed Make decision based on IP address, time, auth Command Rules Protection Realms Multi-Factor Authorization Separation of Duty 7

Oracle Database Vault Control Access to Application Data Benefits Transparently prevent admin access to application data with Realms DBA Control SQL commands and other database operations Enforce whom, how, where, and when with multi-factor authorization Get Separation-of-duty Securely consolidate databases No application changes required Financials Application User 8

Oracle Database Vault Protection Realms Database DBA views HR data Compliance and protection from insiders DBA select * from HR.emp HR DBA views Fin. data Eliminates security risks from server consolidation HR DBA FIN DBA HR HR HR Realm Fin Fin Fin Realm 9

Oracle Database Vault Transparent Multi-factor Authorization SELECT. HR account Unexpected IP address HR FIN DBA CREATE Business hours FIN 10

<Insert Picture Here> Example: Protecting application data from Database privileged users 11

12

13

Database Vault Administration Page 14

Step 1. Defining a Realm 15

Step 2. Adding Protected Schema 16

17

18

<Insert Picture Here> Example: Limiting connection from non-application server IP addresses 19

Limit Access to Specific IP Addresses Creating a Command Rule 20

List of Allowed IP Addresses 21

Connection Blocked from Other IP Addresses 22

<Insert Picture Here> Application Data Security & Compliance Oracle Database Vault & Grid Control 23

Enterprise Manager Grid Control Database Vault Target 24

Enterprise Manager Grid Control Database Vault Generated Alerts 25

<Insert Picture Here> Application Data Security & Compliance Oracle Database Vault & PeopleSoft 26

Application Data Security & Compliance PeopleSoft Protection with Oracle Database Vault All PeopleSoft modules are protected Realm that protects PeopleSoft (SYSADM schema) A CONNECT Command Rule that ensures Access through middle tier Access from trusted IP addresses A SELECT Command Rule restricts Application DBA access Separation of Duty Database Account Manager Security Administrator Application DBA Extensible Customer can create additional realms and command rules 27

Application Data Security & Compliance PeopleSoft supported versions with Database Vault PeopleSoft apps less than 8.4 (e.g.. 8.0, 8.1, 8.3) Must be on PeopleTools 8.22 PeopleSoft apps 8.4 or greater (e.g.. 8.4, 8.8, 8.9, 9.0 and higher) Must be on PeopleTools 8.46 or greater Oracle Database versions: Oracle Database 10.2.0.3 or 10.2.0.4 (recommended) Oracle Database 9.2.0.8 Oracle Database 11g release 28

Protection Type Authorized with Rule Set SYSADM PSFTDBA SYSTEM DBA PeopleSoft Realm OWNER OWNER No Access No Access Select Command Rule Not Restricted Limit PSFTDB Rule Set No Access No Access Connect Command Rule PeopleSoft Access Rule Set Not Restricted Not Restricted Not Restricted Drop Tablespace Command Rule Disabled Rule Set Disabled Rule Set Disabled Rule Set Disabled Rule Set

Pharmaceutical Services Customer We will put an industry relevant image here Challenge Solution Results Customer Profile -Over 11K employees, with revenue over $500 Million -15 databases -Solaris Platform Meet internal and external compliance requirements Streamline data management, optimizing a lean IT staff Protect the privacy and security of very sensitive data Oracle Database Vault Separation of Duties Realms and Command Rules to restrict DBAs access to PeopleSoft Multi-factor authorization to prevent application by-pass Ensure compliance with regulation such as Sarbanes-Oxley Reduce the risk of data breaches and impropriety by limiting access to sensitive information with preventive controls Save time and money by implementing The Oracle-provided PeopleSoft-specific Database Vault protection policies 30

<Insert Picture Here> Application Data Security & Compliance Oracle Database Vault & E-Business Suite 31

Application Data Security & Compliance E-Business Suite Protection with Database Vault E-Business Suite data protected Oracle Database Vault pre-seeded Realms prevent access by unauthorized privileged users to E-Business Suite application data All E-Business Suite modules are Protected Oracle Database Vault Separation of Duty prevents new account creation or ad hoc changing of passwords Extensible Define custom command rules to restrict ad-hoc access to specific Factors such as IP addresses or subnets Define custom realms for E-Business Suite custom schemas 32

Application Data Security & Compliance EBS with Database Vault best practices Treat the SYSTEM account the same way as APPS account SYSTEM account is required to run the AD utilities Monitoring Audit using database auditing during patching for SYSTEM and APPS Mitigate the risk of accessing data during patching Manage accounts passwords when not doing patching Security Administrator should own the passwords for these accounts 33

Application Data Security & Compliance EBS with Database Vault supported versions Certified Configurations E-Business Suite Release 11.5.10.CU2 or 12.0 and higher Oracle Database 10.2.0.4 Oracle Database 11.1.0.7 will be certified soon Documentation Integrating Oracle E-Business Suite Release 12 with Oracle Database Vault 10gR2 (Note 566841.1) Integrating Oracle E-Business Suite Release 11i with Oracle Database Vault 10gR2 (Note 428503.1) 34

Oracle Database Vault E-Business Suite Application Protection Matrix 35

Global Financial Services Customer We will put an industry relevant image here Challenge Solution Results Customer Profile -Over 100K employees, with revenue over $50 Billion -Over 800 databases -Solaris, Linux x86-64, and AIX Platforms Meet internal and external compliance requirements Streamline data management, optimizing a lean IT staff Protect the privacy and security of very sensitive client data Oracle Database Vault Separation of Duties Realms and Command Rules to restrict DBAs access to sensitive data Multi-factor authorization to prevent application by-pass Ensure compliance with regulation such as Sarbanes-Oxley Reduce the risk of data breaches and impropriety by limiting access to sensitive information with preventive controls Save over $15 mil a year by outsourcing/off-shoring backend operations while still be compliant with regulations 36

<Insert Picture Here> Application Data Security & Compliance Oracle Database Vault & Siebel 37

Application Data Security & Compliance Siebel Protection with Oracle Database Vault All Siebel modules are protected Siebel Realm protects the Siebel database schema CONNECT Command Rule that ensures Access through middle tier Access from trusted IP addresses SELECT Command Rule restricts SIEBELDBA data access Separation of Duty Database Account Manager Security Administrator Application DBA: SIEBELDBA user Extensible Customer can create additional realms and command rules 38

Application Data Security & Compliance Siebel Supported Versions All Siebel modules are supported Service, Sales, Marketing, etc Siebel 7.7 and above versions are supported 7.7 7.8 8.x Oracle DB Versions: Oracle Database 10.2.0.4 Oracle Database 11.1.0.7 39

Global Telecom Services Customer We will put an industry relevant image here Challenge Solution Results Customer Profile -Over 80K employees, with revenue over $30 Billion -Over 200 databases -Solaris, Linux x86-64, and HPUX Platforms Meet internal and European compliance requirements Prevent any tampering or deletion of database objects Protect the privacy and security of very sensitive client data Oracle Database Vault Separation of Duties Realms and Command Rules to restrict DBAs access to sensitive data Command Rules to prevent any tampering of database objects Ensure compliance with regulations - European privacy laws Reduce the risk of data breaches and impropriety Enhance Application Availability by gaining confidence that no user can change database objects without the Security Administrator s approval 40

Authorized with Rule Set SIEBEL SIEBELDBA SADMIN DBA And SYSTEM Protection Type Siebel Realm OWNER OWNER Access through middle tier No Access Select Command Rule Not Restricted Restrict Select Rule Set Not Restricted No Access Connect Command Rule Siebel Access Rule Set Not Restricted Siebel Access Rule Set Not Restricted Drop Tablespace Command Rule Disabled Rule Set Disabled Rule Set Disabled Rule Set Disabled Rule Set

Application Data Security & Compliance Application Protection Summary with Database Vault Application / Product PeopleSoft Applications E-Business Suite Applications Oracle Siebel Applications JDE Applications Partner applications (SAP) Oracle Content DB Oracle Internet Directory Protection Status (In progress) (In progress) 42

<Insert Picture Here> Application Data Security & Compliance Summary 43

Application Data Security & Compliance Oracle Database Vault - Summary Enforce Separation of Duty for the Database Prevent DBA access to sensitive data Protect applications using Protection templates available for download for: PeopleSoft, EBS, and Siebel Use Enterprise Manager Grid Control integration Apply on all of your existing Database releases: Oracle Database Releases 11g, 10g, and even 9i Achieve Better JSOX compliance for the Database 44

Learn More Database Vault technical details http://www.oracle.com/technology/deploy/security/database-security/databasevault/index.html Steven Chan blog http://blogs.oracle.com/schan PeopleSoft s Database Vault Protection templates: http://www.oracle.com/technology/software/products/database_vault/index.html Siebel s Database Vault protection templates http://www.oracle.com/technology/software/products/database_vault/index.html 45

46

47

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information