Oracle Data Safe: Enforcing Security in Continuous Data and Application Delivery

What is common in most data breaches? First, compromised user credentials or rogue users, i.e., users who advertently or inadvertently lose their credentials. Second, the sensitive data, which is almost always at the center of a cyberattack. This modus operandi can be further assisted by:

  • the non-compliance with data privacy regulations
  • technical debt
  • velocity, variety, and size of data, and
  • the lack of an integrated data security system spanning not only applications, security, and operations, but also data and databases in test environments and in the real world (including disaster recovery)

Until now, software was seen as unable to contain the damage caused by leaked credentials, non-compliance, the size and velocity of sensitive data, inconsistencies in security monitoring and implementation, etc. However, with Oracle Data Safe entering the picture, the security risks surrounding Oracle databases can now be duly assessed, along with the administration of user accounts, sensitive data discovery in a database, data auditing, and data masking. In short, the whole security landscape is set to embrace a positive change.

This is made easier by Oracle Data Safe’s actionable intelligence concerning database users, database configuration, database activity, and content. With Data Safe, enterprises can move smoothly toward establishing an impenetrable database security, data protection, and data governance framework.

What is Oracle Data Safe?

Oracle Data Safe is an integrated security control center for Oracle Database that uses metadata and metrics to optimize security assessments and monitoring of Oracle database configurations and users, discover sensitive data, mask data in development/test environments, and audit database activity.

Oracle Data Safe was initially released in 2019 as a fully cloud-native service for Oracle Autonomous Database, gaining huge popularity thereafter. It also works on third-party public clouds running Oracle database, including Microsoft Azure and Amazon Web Services (AWS). However, currently, it is not available for third-party databases.

How Oracle Data Safe Expands Data Security Landscape to Safeguard Data Beyond Norms

Before exploring Oracle Data Safe, let us first understand the importance of metadata, which is data about data and is fundamental to various data-oriented undertakings.

In business analytics

  • Metadata reveals data definitions and their arrangement patterns in schemas
  • It offers glossaries to help users link data to business processes and results
  • It unveils the source of data via lineage diagrams

In data governance

  • Metadata offers intelligence for discovering and locating sensitive data in databases
  • It identifies the users accessing that data, along with the time and frequency of their interactions

In data security

  • Captured metadata can be leveraged for data security, as the more an enterprise is aware of its data, users, and database configurations, the more seamless data protection becomes

The following are the ways to achieve an impenetrable data security and governance posture across development, production, and disaster recovery, and how Oracle Data Safe, by leveraging metadata and automation, enables enterprises to attain it quickly and more effectively in Oracle databases.

  1. Drift and Shift Detection in Database Security Configuration: This requires periodically collecting database configurations into metadata and monitoring for alterations against the previously applied configurations. Human errors that alter database configurations are quite common, such as over-privileging user accounts, which increases the system’s vulnerability. Surprisingly, such incidents also often go unnoticed until significant damage is done.

Drift detection paired with automation is therefore the key, and the automatic assessment and drift detection in Oracle Data Safe is what enterprises need.

The security assessment in Oracle Data Safe detects security risk levels against:

  • the security parameters
  • security controls under use
  • assigned user privileges, and
  • universally accepted standards and best practices

This sets a baseline against which future assessments can easily identify drift/shift in database configuration.
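The baseline-and-compare idea described above, as an added illustration (this is not Oracle Data Safe's code or output): two constructed metadata snapshots of initialization parameters and granted privileges are diffed, and every deviation from the baseline is reported. The snapshot layout and the account names are assumptions made for the example.

```python
# Added illustration: baseline-vs-current drift check over configuration metadata.
# Both snapshots are constructed sample data, not output from Oracle Data Safe.

BASELINE = {
    "parameters": {"audit_trail": "DB", "sql92_security": "TRUE",
                   "remote_login_passwordfile": "EXCLUSIVE"},
    "privileges": {"APP_RO": {"CREATE SESSION"},
                   "APP_RW": {"CREATE SESSION", "CREATE TABLE"}},
}
CURRENT = {
    "parameters": {"audit_trail": "NONE", "sql92_security": "TRUE",
                   "remote_login_passwordfile": "EXCLUSIVE"},
    "privileges": {"APP_RO": {"CREATE SESSION", "SELECT ANY TABLE"},
                   "APP_RW": {"CREATE SESSION", "CREATE TABLE"},
                   "TMP_ADMIN": {"DBA"}},
}

def detect_drift(baseline, current):
    """Return (kind, subject, before, after) findings, parameters first."""
    findings = []
    bp, cp = baseline["parameters"], current["parameters"]
    for name in sorted(set(bp) | set(cp)):
        if bp.get(name) != cp.get(name):
            findings.append(("parameter_changed", name, bp.get(name), cp.get(name)))
    bu, cu = baseline["privileges"], current["privileges"]
    for user in sorted(set(bu) | set(cu)):
        before, after = bu.get(user), cu.get(user)
        if before is None:
            # Account did not exist when the baseline was taken.
            findings.append(("user_added", user, None, sorted(after)))
        elif after is None:
            findings.append(("user_removed", user, sorted(before), None))
        else:
            gained, lost = after - before, before - after
            if gained:
                findings.append(("privilege_gained", user, None, sorted(gained)))
            if lost:
                findings.append(("privilege_lost", user, sorted(lost), None))
    return findings

if __name__ == "__main__":
    for finding in detect_drift(BASELINE, CURRENT):
        print(finding)
```

An empty result means the current state still matches the baseline; each finding is a candidate for review or for accepting into a new baseline.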

  2. A Closer User Account Monitoring: Capturing individual user account metadata, such as profile creation date, last activity, assigned privileges, etc., for risk level analysis and continuous monitoring is essential for an extended data security framework. Further, making the assessment at both individual and aggregate levels helps detect user accounts with compromised credentials. With Oracle Data Safe, enterprises can now readily solve this part of the equation.

User assessment in Oracle Data Safe helps:

  • identify users posing high, medium, critical, or low potential security risk to the database
  • score and audit the privileges granted to users in the high-risk and critical categories, followed by activity capture for these users along with their most recent log-in, password age, IP address, database activity, etc.
  • automatically run priority remediation for over-privileged users and users with weak passwords

  3. Sensitive Data Discovery Beyond Business/Technical Semantics and Data Masking: Identifying sensitive data and its location in enterprise data lakes for masking is essential to preventing data breaches while maintaining regulatory compliance. Moreover, not all data can be assigned equal importance in security, considering its growth and resource constraints. On top of that, sensitive data is often not properly documented, increasing the chance of it ending up in insecure places.

Ever-changing regulations also keep adding more data to the sensitive data list, thereby opening up new exposure opportunities for sensitive data. In short, sensitive data discovery needs to go beyond business and technical semantics to establish a robust security and compliance framework. And Oracle Data Safe is the only tool required to implement it.

With support for 125+ sensitive data types and the option to add more, Oracle Data Safe’s automated, next-gen sensitive data discovery and masking capability is simply unmatchable.

  4. Security of Production Data: Although discussed late in this article, the security of production data is effectively the first step an enterprise should take to stop cyberattacks and data breaches. In other words, enterprises must expand their security parameters to accommodate the test environments, because enterprises often use replicas of production data to simulate testing accurately and thereby also invite security risks. Hence, masking the data in test environments is paramount in mitigating risks while keeping the data valid for the purpose of testing.

Note: Data masking is not merely about replacing the actual values of the data with special characters (fictional data). It is also about preserving the schematic and referential data integrity rules. Oracle Data Safe offers enterprises just that.
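What the note means in practice, as an added illustration (not Oracle Data Safe's masking implementation): a keyed, deterministic, shape-preserving mask is applied to a sensitive key in a parent and a child table, so the column constraint, the foreign key and the joins all still hold afterwards. SQLite stands in for the database; the schema, the key and the sample rows are constructed for the example.

```python
import hashlib
import hmac
import re
import sqlite3

MASK_KEY = b"constructed-demo-key"  # assumption: secret used only for this masking run
SSN_SHAPE = re.compile(r"^\d{3}-\d{2}-\d{4}$")

def mask_ssn(ssn: str) -> str:
    """Map an SSN-shaped value to a fictional value of the same shape.
    Keyed and deterministic: equal inputs give equal outputs in every table."""
    digest = hmac.new(MASK_KEY, ssn.encode(), hashlib.sha256).digest()
    digits = f"{int.from_bytes(digest[:8], 'big') % 10**9:09d}"
    return f"{digits[:3]}-{digits[3:5]}-{digits[5:]}"

def build_masked_copy() -> sqlite3.Connection:
    """Load constructed 'production' rows, then mask parent and child keys."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.create_function("mask_ssn", 1, mask_ssn)
    db.executescript("""
        CREATE TABLE customers (
            ssn  TEXT PRIMARY KEY CHECK (length(ssn) = 11),
            tier TEXT NOT NULL);
        CREATE TABLE orders (
            id     INTEGER PRIMARY KEY,
            ssn    TEXT NOT NULL REFERENCES customers(ssn)
                   DEFERRABLE INITIALLY DEFERRED,
            amount REAL NOT NULL);
        INSERT INTO customers VALUES ('123-45-6789', 'gold'), ('987-65-4321', 'basic');
        INSERT INTO orders VALUES (1, '123-45-6789', 10.0),
                                  (2, '123-45-6789', 5.5),
                                  (3, '987-65-4321', 7.0);
    """)
    # One transaction: the deferred foreign key is checked at COMMIT, after
    # both tables carry the masked key. A PRIMARY KEY error here would mean
    # two inputs collided; the run must then be retried with a different key.
    db.execute("UPDATE customers SET ssn = mask_ssn(ssn)")
    db.execute("UPDATE orders SET ssn = mask_ssn(ssn)")
    db.commit()
    return db

def orders_per_tier(db: sqlite3.Connection):
    """Join across the masked key, as a test suite would."""
    return db.execute(
        "SELECT c.tier, COUNT(*), SUM(o.amount) FROM customers c "
        "JOIN orders o ON o.ssn = c.ssn GROUP BY c.tier ORDER BY c.tier").fetchall()

if __name__ == "__main__":
    print(orders_per_tier(build_masked_copy()))
```

Masking each table with random or fixed filler characters instead would break the foreign key and the `CHECK` constraint, which is exactly the failure the note warns about.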

  5. Database Activity Auditing: This is considered one of the most effective tools in data security and governance. Analysis of the data and metadata recorded in access and query audit logs reveals all the activities undertaken in a database, including anomalies, e.g., rogue users, leaked credentials, unauthorized access, etc. In the case of a breach, database activity auditing enables enterprises to identify the users accessing any part of the data. This not only empowers the enterprise to find the perpetrator but can also be used to minimize the degree of impact while complying with breach notification requirements.
  6. Intuitive Interface for Inclusiveness (Non-DBA users): Finally, keeping in mind the criticality of security in Oracle databases, Oracle Data Safe is developed to be run by general (non-DBA) users. It is operationalized through intuitive dashboards that allow integrated visibility of the overall security health of Oracle databases, along with graphical reporting of data gathered from security and user assessments and from sensitive data discovery.

Oracle Data Safe provides remediation suggestions and cross-references the applicable sections of the EU GDPR, CIS Benchmark, and DISA STIGs.