How Secure Is Your Data: Be Safe, or Be Sorry
John Szlendak, Principal Product Manager, Oracle ZFS Storage
29 October, 2015
Copyright 2015, Oracle and/or its affiliates. All rights reserved.
Focus on Security
Mega Breaches: The Past 18 Months
(Figure: breach timeline with record counts)
- Experian, Mar 14: 200M
- Adobe, Oct 13: 150M + source code
- Sony, Dec 14: 53M
- Home Depot, Sep 14: 56M
- Target, Dec 13: 98M
- eBay, May 14: 150M
- JPMC, Oct 14: 76M
- Anthem, Feb 15: 80M
- SA Banks, Oct 13: 227M credit cards
- Credit Bureau: 20M
- Telecom, Jan 14: 12M
- Education, July 14: 22M
- Immigration, June 14: personal records
Attacks: Malware, SQL Injection, Insider Access, Password Theft, Zero-day attacks
Vulnerabilities: No Encryption, No Auditing/Monitoring, Poor Access Control, No Configuration Control, Poor Application Design/patching
Why Data Security
Alarming increases in cyber attacks, data breaches and their cost:
- Over 1 billion records compromised from 2002-2012; now the same number in just 12 months (Verizon Data Breach Reports)
- Over 46 days to discover and resolve a data breach (Ponemon Institute Study, 2015)
- 97% preventable with basic controls and data encryption (Verizon Data Breach Reports)
- Average data breach cost $3.5M, and $201 per stolen record, and rising (Ponemon Institute, 2014)
- 45% of senior executives say their companies experience cyber attacks hourly or daily (Ponemon Institute, 2015)
- Cyber crime is $400B today, but could reach $3T in 10 years if nothing is done (McKinsey Report)
Impact of Data Security Breaches
#1 Direct Losses: Customer Data, Company Data, Loss of Customers, Employee Data, Digital Assets, Fines
#2 Indirect Losses: Loss of Sales/Market Share, Negative Brand Impact, Competitive Disadvantage, Loss of Customer Trust
#3 Ongoing Expenses: Corruption of Data, Recovery Costs, Notification Costs, Continuity Costs
#4 Legal Exposure: Regulations Violation, Disclosure Requirements, Executive Liabilities, Lawsuits / Settlements
Ever-increasing risk and cost! $3.5M avg. data breach cost (Ponemon Institute Study, 2014)
What Are You Doing To Secure Your Data?
Perimeter/Network Security Alone is Not Enough
Increasing data security incidents and risks in today's data-driven, hyper-connected world:
- Over 10,000 data breaches last year
- Over 1 billion records compromised
- Billions of dollars in cost and brand damage
- Billions of new access points to worry about: remote, mobile, IoT (40 billion by 2020)
Oracle Security Inside and Out
Perimeter Security Not Enough To Protect Your Data: Built-in Security At Each Layer of the Stack
(Figure: security capabilities per layer of the stack, top to bottom)
- Governance, Risk & Compliance
- Access & Certification Review, Anomaly Detection, User Provisioning, Entitlements Management
- Mobile Security, Privileged Users
- Directory Services, Identity Governance
- Entitlements Management, Access Management
- Encryption, Masking, Redaction, Key Management
- Privileged User Control, Big Data Security, Secure Config
- Application + User Sandboxing, Delegated Admin
- Anti-malware system, Data + Network Protection
- Compliance Reporting, Secured App Lifecycle
- Secure Live Migration, Immutable Zones, Independent Control Plane
- Cryptographic Acceleration, Silicon Secured Memory (New SPARC M7)
- Application Data Integrity, Verified Boot
- Encryption, Access Controls, Enterprise Key Management, Secured Backup and DR
Callouts: where most critical data resides (biggest data risk targets, IDC); where most data resides.
Oracle Database Security: Maximizing Security for Critical Data Infrastructures
- PREVENTIVE: Encryption; Redaction, Masking and Subsetting; DB and Privileged User Controls
- DETECTIVE: Activity Monitoring; Database Firewall; Auditing and Reporting
- ADMINISTRATIVE: Key Management; Privilege & Data Discovery; Configuration Management
Oracle Database security provides Threat Anticipation, Mapping Controls, Data and User Classification.
Transparent Data Encryption (TDE): Component of Oracle's Advanced Security
(Figure: applications see clear data; disks, backups, exports and off-site facilities hold encrypted data)
- Encrypts columns or entire application tablespaces
- Protects the database files on disk, on networks and in backups*
- Transparent to applications, no changes required
- Tight integration with Oracle DB Compression, RMAN, Data Pump, RAC, ASM, Active Data Guard and Golden Gate
- Centrally managed encryption keys (Key Vault)
* Note: Encrypted data cannot be de-duplicated or compressed
Preventive Database Security Controls
(Figure: Data Redaction, Data Encryption, Data Subsetting and Data Masking around the database, with DB Controls and Key Vault)
- Data Redaction: users see ssn:xxx-xx-4321, dob:xx/xx/xxxx
- DB Controls: applications get "Access denied / Insufficient Privilege"
- Data Encryption: privileged users see ciphertext (*7#$%!!@!%afb ##<>*$#@34), keys held in Key Vault
- Data Subsetting: by Region, Year, or size-based
- Data Masking: Dev/Test, Partners and BI see ssn:123-34-6789, dob:11/11/1111
Oracle ZFS Storage for On-Premise, Private and Public Clouds
Oracle ZFS Storage: Engineered for Extreme Performance, Efficiency and Security
(Figure: Dynamic Storage Tiering (HSP) from DRAM to multi-class flash to multi-class disk)
- Most horsepower possible: 2TB DRAM, 80 cores processing power, 12.8TB read flash, 10.5TB write flash
- Write flash: SLC NAND, sync I/O only, up to 4 write SSDs per tray, adaptive throttle algorithm determines pipe size
- Read flash (L2ARC): MLC NAND, 12TB read flash
- Adaptive I/O staging in DRAM: LRU / LFU (evicted) and MRU / MFU
- Disk: SAS-2 (15K, 10K, 7.2K)
- Automated, real-time data migration from DRAM to multi-class flash, to multi-class disk storage
- Software specifically engineered for multi-level flash and disk storage
ZFS Storage Data Security and Protection
Access Security
- All access authenticated and conducted over secure networks and protocols
- Use of LDAP, NIS and Active Directory for user identification and authentication
- Encrypted network communication (SSL/TLS) for replication
Access Controls
- Fine-grained file access and administrative controls based on authorizations and permissions
- Defined role-based authorization controls for user access
- ACLs for setting access, permissions and limits on files and directories
Data Encryption
- Highly secure two-tier AES 256-bit storage encryption
- Granular, scalable and highly efficient
- High-availability local and remote key management
End-to-End Data Integrity and Protection
- Advanced checksum protection throughout the data path to eliminate silent data corruption
- Automatic, self-healing architecture
- Fast and efficient backup and DR (unlimited snapshots, intelligent replication)
ZFS Storage Encryption: Storage-based Data-at-Rest Encryption for All Data
Simple
- Granular encryption for better efficiency, controls and manageability: project level, share level or LUN level
- Easy and flexible to use and manage via BUI or CLI
- Allows encrypted and clear-text data in the same system
Secure
- Strong AES 256-bit encryption keys
- Integrated local key management
- Centralized key management (OKM)
- Two-tier encryption key architecture
- Authorization and access controls
Available
- High-availability architecture
- DR and backup support
- Capacity and drive independent
- Minimal key latency
Centralized Key Management (Oracle Key Manager)
(Figure: OKM serving keys to T10000 and LTO 5 tape drives, the SL8500 library and Oracle DB)
Enterprise-class OKM 3 system
- Simple to install and operate: automated, policy-driven system; server, OS and application neutral
- Secure: strong encryption (AES-256-bit) end-to-end; strong key protection mechanisms; FIPS compliant
- Scalable: supports multiple encryption devices; supports up to 1 million keys and 2000 devices (disk, tape, Java, Oracle DB, etc.)
- High performance: key latency less than 250 milliseconds; no storage server CPU cycles used
- High availability: clustering up to 20 OKM appliances; DR and backup support for encryption keys
ZFS Storage Encryption Benefits
- Granularity -> Best Performance: data isolation decides which share to encrypt to get the best performance
- Storage Efficiency -> Reduced Costs: share-level encryption helps optimize storage efficiency
- Strong Authentication -> Reduced Risk: access to encrypted data with LDAP authentication and policy adherence
- Effective Access Control -> Security: access control protects your encrypted data from insider attacks
"It is irresponsible for businesses not to encrypt the data." Trent Telford, Covata CEO, after Anthem's 80M-record breach
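The TDE footnote (encrypted data cannot be de-duplicated or compressed) and the storage-efficiency argument for share-level granularity both rest on the same fact: ciphertext looks random, so it neither compresses nor matches an identical block written elsewhere. This added example, which is not from the deck or from Oracle, measures compression and dedup savings on the same blocks before and after encryption; it assumes a toy HMAC-SHA256 counter-mode cipher as a stand-in for the appliance's AES-256 and a SHA-256 hash-indexed table as a model of block dedup.

```python
import hashlib
import hmac
import zlib

BLOCK = 4096  # one constructed 4 KiB storage block


def toy_encrypt(key: bytes, block_id: int, data: bytes) -> bytes:
    """Counter-mode stream cipher keyed with HMAC-SHA256.
    Illustrative stand-in for AES-256, not for production use.
    block_id serves as the per-block IV, so identical plaintext
    blocks never share a keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ctr = block_id.to_bytes(8, "big") + off.to_bytes(8, "big")
        ks = hmac.new(key, ctr, hashlib.sha256).digest()
        out += bytes(p ^ k for p, k in zip(data[off:off + 32], ks))
    return bytes(out)


def compress_ratio(blocks: list[bytes]) -> float:
    """Per-block compressed size over raw size (1.0 = no saving)."""
    packed = sum(len(zlib.compress(b, 9)) for b in blocks)
    return packed / sum(len(b) for b in blocks)


def dedup_ratio(blocks: list[bytes]) -> float:
    """Fraction of blocks a hash-indexed dedup table would not
    store again because an identical block already exists."""
    seen = {hashlib.sha256(b).digest() for b in blocks}
    return 1 - len(seen) / len(blocks)


def storage_efficiency(blocks: list[bytes], key: bytes) -> dict:
    """Savings for clear vs. encrypted copies of the same blocks."""
    enc = [toy_encrypt(key, i, b) for i, b in enumerate(blocks)]
    return {
        "clear_compress": compress_ratio(blocks),
        "clear_dedup": dedup_ratio(blocks),
        "encrypted_compress": compress_ratio(enc),
        "encrypted_dedup": dedup_ratio(enc),
    }


def sample_blocks() -> list[bytes]:
    """Constructed input: eight identical blocks of a repetitive record."""
    record = b"name=ALICE;ssn=123-34-6789;dob=11/11/1111\n"
    block = (record * (BLOCK // len(record) + 1))[:BLOCK]
    return [block] * 8


if __name__ == "__main__":
    for name, v in storage_efficiency(sample_blocks(), b"\x42" * 32).items():
        print(f"{name:>18}: {v:.3f}")
```

Clear blocks compress to a few percent and dedup to one copy in eight; the encrypted copies compress to slightly more than their raw size and dedup to nothing, which is why the deck recommends encrypting only the shares that need it.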
Just Announced: The Most Advanced Platform for Secure Computing
First ever Software in Silicon architecture: M7-16, M7-8, SuperCluster M7, T7-1, T7-2, T7-4
- Most advanced security: wide-key encryption and silicon secured memory
- World's fastest microprocessor
- Scalability from 32 to 512 cores
The Ultimate Software Optimization: Hardware
Software in Silicon (SPARC M7): a huge leap in security and performance over traditional processor architectures
- Security: Encryption Acceleration (always-on encryption); Silicon Secured Memory (always-on memory intrusion protection*)
- Efficiency: in-line decompression
- Performance: in-memory query acceleration, 10X faster
Revolution, Not Evolution!
* Stops malicious programs from accessing other application memory. Ex: HeartBleed, Venom
Designed for Security: The Most Complete Set of Encryption Standards
- 15 Software-in-Silicon crypto algorithms, with 25 user-level crypto instructions
- 32 crypto accelerators per processor, to accelerate: asymmetric (public key encryption), symmetric key (bulk encryption), message digest (hash functions)
(Figure: clear data in, M7 core, encrypted data out)
Algorithms: AES, Camellia, CRC32c, DES, 3DES, DH, DSA, ECC, MD5, RSA, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
Security in Silicon: Encryption Acceleration
(Chart: secure multi-tier enterprise database and Java performance, secure vs. unprotected, near zero performance difference)
- Performance delivered secure
- Nominal performance impact
- Zero additional hardware cost
Cyber Attacks and Data Breaches: Things You Need To Know
1. Cyber crime is accelerating, and so are its cost and risk. Bad guys are getting much more sophisticated and persistent.
2. Don't assume it won't happen to you. It will. Even the CIA (US) got hacked and 20M personnel records compromised. Most larger companies have already been hacked; many don't yet know (NSA).
3. Perimeter/network security alone cannot protect your data. It needs to be secured inside out: architected and built into every layer of the compute stack to protect your data inside, and not just the perimeter outside.
Data Security Is Critical, On-Premise or In The Cloud
- Provides the industry's most comprehensive and secure cloud offering
- Provides the highest-performance, most efficient and secure storage, architected for both on-premise and the cloud
- Integrates end-to-end data security across ALL layers of the compute stack and the cloud
SECURING THE COMPLETE STACK AND YOUR DATA INSIDE OUT SAVES TIME AND MONEY AND REDUCES RISK
Thank You