• Protecting Access to Application Data
• Database Monitoring
• Protecting Data-at-Rest
• De-Identifying Information for Sharing
• Data Classification
• Now this is an inflammatory headline but…
• Separation of Duties
• Multi-Factor Authorisation
No Application Changes!
• Separation of Duties
• Least Privilege
[Diagram labels: FIN Realm, FIN, FIN App, DBA, Database Administrator, Extensible (e.g., Database Tester)]
• Oracle PeopleSoft
• Oracle E-Business Suite
• Oracle Siebel CRM
• Oracle Content Database
• Oracle Internet Directory
• Separation of Duties
• Data access restricted to application related accounts
• No access by other privileged users with DBA role
• Application Data Access Control
• Customisable CONNECT rule protects against application bypass
1 Define Realms (
6 Deploy
• Enforce application access through middle tier processes running on geographically allocated servers
  - Rule restricting database access based on middle tier server IP addresses
• Protect mission-critical business data from intentional or accidental harmful changes
  - Rule restricting dropping or wiping out associated database structures
• Control use of ad-hoc query tools during peak load times
  - Rule restricting connections by ad-hoc query tools to maintenance day/time
• Enforce patching and backup to specific maintenance periods and monitor the patching process.
  - Rule restricting database maintenance DBA’s login to maintenance day/time
  - Rule requiring two DBAs to authenticate during maintenance periods from internal IP addresses
[Diagram labels: Database Vault, Advanced Security, Audit Vault, Secure Backup, Configuration Management, Label Security, Total Recall, Data Masking]
http://search.oracle.com (database security) or oracle.com/database/security
Database Auditing
Network Encryption
Label Security
Database Vault
Audit Vault
Total Recall
EM Configuration Scanning
EM Data Masking