Oracle Data Safe is a fully-integrated cloud service that helps organizations secure their enterprise data with a comprehensive set of features for protecting sensitive and regulated data in Oracle Cloud. An Oracle Data Safe introductory video describes the data security challenges that organizations face and how Oracle Data Safe can address with its five main features:

1. Security Assessment
2. Data Discovery
3. Data Masking
4. User Assessment
5. Activity Auditing

Data Protection Risks

Organizations rely on databases to manage their most critical asset – the data, but if not well-protected, this data could become their biggest liability. According to industry reports, almost one-third of the attacks are performed by internal actors, and over half of internal attacks are on databases. Sensitive data – such as personally identifiable information, personal financial information, and personal healthcare information – make databases attractive targets for hackers and even insiders who are looking to steal data for monetary, strategic, or personal reasons, or just to disrupt business.

By law, organizations must comply with data protection regulations – such as the European Union’s General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley (SOX), and many such data protection laws across the globe.

Hackers try to exploit weaknesses in user credentials, applications, and database configurations in both production and non-production databases. How do you manage against a legion of attackers who have all of the infrastructure, the tools, and the time, when you don’t?

Oracle provides top-in-class security for the computing infrastructure of its cloud databases – including encryption by default, separation of duty, and proactive security patching, but organizations need to further secure their databases by understanding their own data, their own users, and their own configurations.

This is why Oracle has introduced Oracle Data Safe – a fully integrated cloud service that helps you secure your data and address compliance requirements. With Oracle Data Safe, you can assess the security of your database configurations, find your sensitive data, mask that data in development and test environments, discover the risks associated with database users, and monitor database activity – all from a single easy-to-use management console.

How to Secure Your Databases

Database configurations, such as weak password policies, insufficient control over privileged accounts, and lack of activity monitoring, are the most common causes of vulnerabilities. In Oracle Data Safe, the Security Assessment feature analyzes your database configurations, user information, and security controls. It generates a report that helps you understand the potential risks. At a glance, you get an overall picture of your database security status. The report also highlights remediation steps and findings related to General Data Protection Regulation (GDPR), Center for Internet Security (CIS), and Security Technical Implementation Guide (STIG), which makes it easier for you to identify the required security controls.

Finding Your Sensitive Data

Protecting sensitive data starts with knowing what sensitive data you have and where it’s located. In Oracle Data Safe, the Data Discovery feature inspects the actual data and the data dictionary to find sensitive data. It can show you sample data for your validation. Data Discovery includes a comprehensive and extensible library of sensitive types, which are group by identification, biographic, IT, financial, healthcare, employment, and academic information.

Data Discovery creates a report that shows you details about your sensitive data. At the top, you can view totals about your sensitive data and drill down into a chart to view breakdowns of sensitive types. The table summarizes the different sensitive data types and estimated rows for each sensitive data type. You can also view the actual column names and sample data.

How to Mask Sensitive Data

For many applications, organizations need to create several copies of production data to support development and test activities. If you simply copy your production data as-is, your sensitive data becomes exposed to new users – increasing your attack surface. For better security, database copies should have sensitive data replaced with realistic but fictitious data, so even if attackers succeed in gaining access to the data, they cannot benefit from the fake masked data.

In Oracle Data Safe, the Data Masking feature simplifies the job of masking data with over 50 predefined masking formats. For example, you can shuffle the data in a column, replace data with random dates, and substitute phone numbers with generic ones. You can create your own masks.

Understanding User Risks

Many questions need to be answered in order to understand user risks. Which database accounts have powerful roles – database administrator, database vault administrator, or audit administrator? Who all can make changes that seriously impact the system, access sensitive data, and grant access to unauthorized users? Are some user accounts at risk of being taken over by attackers because passwords haven’t been changed in a long time?

In Oracle Data Safe, the User Assessment feature answers these questions and more to help you identify your high-risk users. Administrators can then deploy, with appropriate security controls and policies, to ensure the ongoing security of the databases.

How to Monitor Database Activity

You entrust your databases to your database administrators, account owners, and end-users. However, it is important to monitor database activity regularly because accounts are always at risk of being hacked or misused. Activity Auditing allows you to provision and enable audit policies on your cloud databases, so you can monitor sensitive database changes, administrator and user activities, activities recommended by the CIS, and activities defined by your own organization.

As your audit data is generated, Activity Auditing will automatically pull your audit data into the Oracle Data Safe database.

Activity Auditing provides a wide range of interactive audit reports – including the All Activity report, which is a comprehensive report that contains every audited activity. Other reports focus on specific areas, such as:

• Admin activity
• User/entitlement changes
• Audit policy changes
• Login activity
• Data access
• Data modification
• Database schema changes

You can also download a report as a spreadsheet or PDF file, which is very useful for compliance reporting.

It is also important to be alerted of certain database activities as they occur. For example, when database parameters or audit policies change, when an administrative user login fails, when users are created or deleted, or when user entitlements change. The All Alerts report summarizes all of the alerts that have been raised – including how severe the risk is, who did what on which database, and when.

To learn more about Oracle Data Safe, check out the video below.