Data Innovations in Security and Compliance for Databases Vipin Samar Senior Vice President, Database Security Oracle.


1 Data Innovations in Security and Compliance for Databases Vipin Samar Senior Vice President, Database Security Oracle

2 Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, timing, and pricing of any features or functionality described for Oracle’s products may change and remains at the sole discretion of Oracle Corporation. Oracle OpenWorld 2018

3 Agenda
World we live in: Breaches and Regulations
Security innovations for database deployments
Security innovations for the cloud deployments
Continuing advancements in database security

4 Data – Your Most Valuable Asset

5 Data Security & Privacy Regulations are Proliferating
Keep people’s personal data safe and secure
Regulations shown on the map: FOIPPA, HIPAA, EU GDPR, PIPEDA, Dodd Frank, Ru DPA, HSPD-7, SOX, BASEL III, 48 State Data Privacy, GLBA, FFIEC, Cn GDPL, Jp APPI, Calif. CCPA, NY DFS500, Patriot Act, Ma DPA, In PDP, Hk PDPO, Mx PDPL, PCI, Th OIA, Si PDPA, Co DPL, Br Art. 5, Sa ECTA, Au PP, Nz PA, Cl PPL, Ar PDPL

6 Who Wants Your Data?
Personal Data, Financial Data, Trade Secrets, Regulated Data
Insiders, Nation States, Former Employees, Criminals, Curiosity Seekers, Hacktivists, Customers, Competitors

7 ∞ Asymmetric Warfare
Challenger’s Corner: All the infrastructure, All the tools, All the time, A legion of attackers
Defender’s Corner: Not enough people, Not enough resources, Never enough time, Team

8 How Hackers Attack the Database?
Diagram labels, attack paths: Exploit Database, Attack Users, Exploit App, Sniff Traffic, Attack Data Copies, Bypass Database, Attack Admins
Diagram labels, parties: End users, Application, Administrators, Test, Dev, Partners

9 Oracle Database Maximum Security Architecture
Diagram labels, controls: DBSAT, DB Lifecycle Mgmt, Data Redaction (###-##-5100), Database Firewall, Audit Vault, Audit Data, Database Vault, Data Masking, Privilege Analysis, Transparent Data Encryption, Key Vault
Diagram labels, parties: End users, Application, Administrators, Test, Dev, Partners

10 Database Security Rings
Detect: Activity Auditing, Monitoring, Database Firewall, Reporting/Alerting
Assess: DBSAT, Data Discovery, DB Lifecycle Mgmt, Privilege Analysis
Prevent: Encryption, Key Management, Data Redaction, Database Vault, Data Masking
Data: Row Security, Label Security, Real App Security, Crypto Toolkit

11 Securing Databases in the Cloud Robust Security Profile

12 Oracle Autonomous Database
Goal - Eliminate human labor
Self-Driving: Automates all database and infrastructure management, monitoring, tuning
Self-Securing: Protects from both external attacks and malicious internal users
Self-Repairing: Protects from all downtime including planned maintenance

13 Self-Securing Robust Baseline Security Posture
Autonomous Database
Automated Patching
Encrypted-by-Default At Rest & In Motion
Separation of Duties & Activity Auditing

14 In the Cloud, Security is a Shared Responsibility
Security Managed by Oracle: Platform
Network security and monitoring
Strong OS and platform security
Database patches and upgrades
Administrative separation of duties
Data encryption by default
Security Managed by the Customer: Users, Data
Ensure DB configured securely
Locate sensitive data
Protect sensitive data
Assess user security
Track user activity
... and more

15 Oracle Data Security Cloud Service (Preview)
Manages security for Oracle Databases
Common security tasks automated
Tightly integrated security controls
Reports for compliance
Click-and-secure
Key Benefits
Saves time and mitigates security risks
Defense-in-Depth for all customers
Accelerates compliance
Functions shown: Assess, Discover, Mask, Users, Audit, …..

16 Data Security Control Center: Understand Risk Posture and Events (Preview)

17 How the Components Fit Together (Preview)
Functions: Manage, Assess, Protect, Detect
Components shown: Data Masking, Encryption*, Separation of Duty*, Patching*, User Activity, Raise Alerts, Generate Reports, Security assessment, User privileges, Data classification, Security policies, Audit policies, Alert policies
*: Provided by Oracle Cloud Platform

18 Oracle Database Security Innovations: Assess, Detect, Prevent, and Manage Risks

19 Assess: Oracle Database Security Assessment Tool (DBSAT) 2.0
Know Your Security Posture Before Hackers Do
Find how (in)secure your database is
Report on overall security status/controls
Find users, entitlements, and risks
Discover sensitive data in English, and major European languages*
Actionable Assessment Reports
Get prioritized recommendations
Mapping to EU GDPR, CIS and STIG*
Stand-alone tool for 10gR2+ databases
FREE to current Oracle customers
Questions shown: Database Securely Configured? Users? Entitlements? What Sensitive Data do I have?
* In upcoming release

20 DBSAT: Sensitive Data Assessment Report

21 Detect: Oracle Audit Vault and Database Firewall (AVDF)
Diagram labels: Users, Applications, Network Events, Database Firewall, Audit Data, Databases, Audit Data, Event Logs, Operating systems, Policies, Reports, Alerts, Audit Vault Server

22 Detect: Audit Vault and Database Firewall Innovations
Incremental new features with quarterly bundle patch
Target audit collection support for latest releases from Oracle, SQL Server, MySQL, Red Hat Enterprise Linux, Microsoft Windows, IBM AIX, Active Directory, etc.
New Data Privacy reports to support GDPR and other privacy regulations
Integration with DBSAT/EM for discovery and auditing sensitive data
Upcoming Release
Auditing Cloudera Hadoop and MongoDB
New custom audit support for JSON and REST collectors
Before/after value collection using Golden Gate
Simplified Database Firewall Policies and Management

23 Prevent: New Database Vault Operations Control
Restricting Access to Customer PDBs from the Cloud Administrator
Problem
Database Vault Realms must be managed/configured for every PDB
Must follow Separation of Duty rules
Mistakes could expose local PDB data to cloud administrators
Database Vault Operations Control
Transparently prevents Cloud Operations from accessing local PDB data
PDB customer data secured-by-default
Operational flexibility
Diagram labels: No Access to local PDB data from CDB / Cloud Administrator, Database Vault Realms, Database Vault Enforced, Database Vault Ops Control
Oracle Database 19c

24 Prevent: Encryption Enhancements in Oracle Database
Migrating clear tablespace data to encrypted data with minimal downtime
Online encryption with minimal incremental storage for NO downtime (12cR2); Supports live re-encryption of tablespace data
Fast offline data encryption (12cR2, 12c, 11gR2); Minimal downtime with Data Guard
Automatic encryption when migrating clear-text to the cloud with RMAN
Bring Your Own TDE Master Encryption Key (BYOK) into the database
Per-PDB wallet so that each PDB can manage its own keystore (18c)
FIPS Level 1 Cryptographic Module for SSL/TLS and TDE (18c)
Oracle Dictionary Encryption (19c)

25 Prevent: Key Management with Oracle Key Vault
Robust, secure, and standards compliant (OASIS KMIP)
Diagram labels, key material: Credential File, Java Keystore, MySQL Keys, Oracle Wallet, Solaris Crypto Keys, Online Master Key
Diagram labels, DB deployments: Single/multiple Instance, RAC, Multi-tenant, Golden Gate Redo logs, Data Guard Redo logs, Exadata, ASM Cluster File Systems, ASM Storage Nodes

26 Prevent: Oracle Key Vault Innovations
Recent Key Vault 12.2 Features
Improved availability
Read-only restricted mode
Persistent master key cache support
Quick discovery of unreachable servers
Improved manageability
Centralized endpoint configuration
Remote syslog for audit records
Coming in Key Vault 18.1
Geographically distributed
Full Read-Write replicas for write-HA
Read-only for load balancing and HA
Near zero downtime for endpoints during patches and upgrades
REST API support for key mgmt
Java and C client toolkits for adding end point key management

27 Centrally Managed Users in Microsoft Active Directory
Direct Integration
Diagram labels: Authentication Data, Authorization Data, Map Users / Roles, Microsoft Active Directory, DB User, Password, Kerberos, PKI
Oracle Database 18c

28 What about Complying with EU-GDPR?

29 EU General Data Protection Regulation (GDPR)
Safeguards EU resident data from misuse, disclosure, theft, etc.
“Technical and organizational measures … for privacy by design and by default”
Applies to anyone handling person’s data globally
Applies to ALL privacy data: PII, PHI, IP addr, logs, cookies, etc…
GDPR includes a strict liability and sanction regime
Key dates
Published: May 4, 2016
Enforcement began: May 25, 2018; First lawsuit filed: May 25, 2018

30 GDPR Articles and Mapping to Oracle Database Security*
Article | Protection Mechanism | Oracle Database Security Mapping*
Article 35 | Data Protection Impact Assessment | Database Security Assessment Tool; Database Vault Privilege Analysis
Article 32 | Encryption of personal data | Advanced Security, Key Vault
Article 25, Article 29 | Data Protection by Design and by Default; Processing under the authority | Database Vault
Article 30, Article 33 | Record of processing activities; Notification of a personal data breach | Audit Vault and Database Firewall
Article 18 | Right to restriction of processing; Only personal data necessary for specific purpose | Label Security
 | Pseudonymisation of personal data; Data Minimization | Data Masking and Subsetting
All of the above
*: Compliance with GDPR requires planning across most lines of business, not just IT. You should seek your own legal advice on how to comply with GDPR.

31 Next Steps

32 Innovations Continue … (Assess, Detect, Prevent, Manage)
First to Innovate with Performance, Transparency, Scale
Simple/free security assessment tool for databases
Discovering privilege use for Least Privilege Model with Privilege Analysis
Full Activity Auditing including transaction logs with Audit Vault
Monitoring and Blocking with SQL grammar based Database Firewall
Transparent Data Encryption (TDE) and Data Redaction
Strong Separation of Duty and multi-factor authorization with Database Vault
Transparent access control on row/column: Virtual Private Database
Enforcing application security in databases with Real Application Security
And now bringing integrated data security solutions to the cloud…

33 Database Security Sessions at Oracle Open World 2018
Title | Location | Date & Time
TRN4109 Inside the Head of a Database Hacker | MW 3006 | Mon 3:45 PM
PRM4102 Introducing Oracle Data Security Cloud Service for Oracle Databases | | Tue 12:30 PM
PRM4108 Autonomous and Beyond: Security in the Age of the Autonomous Database | | Tue 5:45 PM
PRO4111 Data Security in the GDPR Era | | Wed 11:15 PM
CON6575 Database Security Assessment Tool: Know Your Security Posture Before Hackers | | Wed 12:30 PM
TRN4106 Encrypt Your Crown Jewels and Manage Keys Efficiently with Oracle Key Vault | | Wed 4:45 PM
TIP4104 Appdev: Building Secure Database Applications Quickly in the Cloud Era | | Thu 11:00 AM
PRO4110 Detecting and Blocking Attacks with Oracle Audit Vault and Database Firewall | | Thu 12:00 PM
TIP4112 Recent Database Security Innovations You Might Not Be Using, but Should Be | | Thu 1:00 PM

34 Demos and Discussions @ Moscone South
Floor map labels: Database Security, MAIN ENTRANCE

35 Free eBook: Securing Oracle Database – A Technical Primer
Chapters
Protecting Data
Authentication and Authorization
Enforcing Separation of Duty
Data Encryption and Key Management
Masking Sensitive Data
Auditing Database Activity
Activity Monitoring with Database Firewall
Data-Driven Application Authorization
Evaluating Security Posture
EU GDPR and Database Security
Securing Databases in the Cloud

36 Learn More About Database Security
AskTOM Database Security Office Hours
Direct line into Database Security Product Development
Second Thursday, 09:00 UTC and 20:00 UTC (identical sessions)
or Search “AskTom Database Security Office Hours”
Know more about Database Security:
Know more about GDPR:
Database Security and GDPR Whitepaper:

37 Data Thanks for coming today – I look forward to working with you to ensure YOUR data assets do not become a liability Don’t Let Your Assets Become a Liability Secure Your Data, Secure Your Business

