Back to Database Security homepage

Defense-in-Depth Guide

Regulatory compliance, protection of personally identifiable information, and internal threats are three of the top concerns facing internal auditors, IT executives, application designers, human resource managers and security officers today. Strictly adhering to documented organizational procedures is a large part of the solution, however, technology plays an equally critical role. Oracle provides solutions to help customers address today's top security concerns.

Protect Network and Media

 Protect data on disk: Recent headlines concerning misplaced storage media has resulted in increased awareness of keeping data secure even outside the database. Oracle offers encryption technology to reduce the threat posed by this business problem. More ...
 Encrypting network traffic: Oracle network encryption provides an easy way to protect against insider threats by encrypting data traveling between databases and application servers, using industry standard encryption technologies, including AES. More ...
 Protect disk backup: Backing up your Oracle Database to disk? Oracle RMAN can use Oracle Advanced Security TDE to encrypt the entire database backup. This provides additional security if the backup disk should be misplaced or stolen. More ...
 Protect tape backup: When data leaves the secure perimeter of the database, access control measures are no longer enforced. This highlights the importance of encrypted backups. Oracle Recovery Manager (RMAN) allows encryption of entire 'backup sets' to disk, while Oracle Secure Backup provides data encryption to tape. More ...

Audit and Configuration Monitoring

 Trust-but-Verify: Auditing is an important aspect of an organization's data protection plan. The Oracle Database provides robust audit capability, including context-based auditing. More ...
 Reporting: Oracle Audit Vault provides out-of-the-box security related reports that enable the Security administrator to easily monitor audit events. More ...
 Audit Consolidation and Monitoring: The ability to secure audit information and pro-actively alert under specific conditions is a powerful tool in the monitoring arsenal. More ...
 Are your Databases configured securely? Most organizations have well-documented procedures for approving configuration changes. Oracle Enterprise Manager Grid Control provides automated tools for patching Database servers and monitoring their configurations. More (pdf)

Application Integration

 Maintaining user identities in a 3-tier environment: If your employees or customers log into an application, and the application connects to the underlying database as a 'big app user', the identities of the individuals are lost, making it more difficult to audit and enforce access controls. Oracle offers two solutions: Both 'client identifier' and 'proxy authentication' can be used to maintain the identity of the users, enabling the enforcement of audit and access control policies in the database. More ...

Internal Threat

 DBA access: Worried about employees with the DBA role, gaining read or write access to personally identifiable information? With Oracle Database Vault, applications can be surrounded by a protective shield, called a Realm. Realms allow the DBA to continue managing the database, while preventing access to application data. More ...
 Who, when & where: Factors such as time of day, database client's location on a network, or custom factors specific to the enterprise can be used independently or in combination to enforce multi-factor authorization and control the ability to access the application. For example, access to the database could be restricted to a specific middle tier during a specific time window. Database Vault multi-factor authorization significantly strengthens security. More ...
 Configuration controls: Want to maintain the certified configuration of your database and be sure that nobody can create or delete any database objects? Command rules allow you to define actions that are invoked as soon as a certain command is issued against the Oracle Database. More ...
 Privilege Management: Oracle provides robust support for database roles to help manage database privileges. Additionally, Oracle provides Secure Application Roles, which offer higher security by allowing role enablement only after any number of security checks have been passed (certain hours on weekdays only, and not when remotely accessing the database). More ...
 Row-level security: In some cases, restricting access to the entire table may not be granular enough and you need row-level access control. Oracle provides row-level security which can be used to enforce stringent access control policies. More ...
 Data classification: In other cases, access to data rows must be restricted based on data classification; Oracle provides a powerful, out-of-the-box solution with Oracle Label Security. More ...
 Multi-level security: Oracle is the only database vendor to provide a mature and adaptible multi-level security product for high security requirements found in government, defense and law enforcement environments, successfully evaluated at EAL4 Common Criteria. More ...

Strong authentication

 PKI, Kerberos, RADIUS: Oracle Databases can easily be integrated into an existing infrastructure that leverages PKI, Kerberos or RADIUS. Kerberos is a popular option for customers who deploy Oracle in Windows environments. More ...

Manage all users in one place

 Regulatory compliance requires stringent internal controls. User provisioning is a key aspect of internal controls by ensuring that employees and customers have access to the appropriate database in a timely manner. Similarly, when employees leave the company, removing access right is time-sensitive as well. Oracle Enterprise User Security simplifies user management by consolidating user accounts from multiple databases into one centralized LDAP-compliant directory. More ...


Cost Effective Security and Compliance with Oracle Database 11g Release 2
HITECH's Challenge to the Health Care Industry
Protecting the Electric Grid in a Dangerous World
Sustainable Compliance for the Payment Card Industry Data Security Standard
Defense-in-Depth Guide
Oracle Database Security Overview
Choosing A Secure Password
Secure External Password Store
Oracle Database Security Checklist - Technical Whitepaper

Security Features

Data Encryption
Virtual Private Database
Database Auditing
Backup Encryption
Export file encryption
Proxy Authentication
Enterprise User Security
Secure Application Roles
Fine Grained Auditing

Customer Successes

Industry leading organizations globally rely on Oracle Database Security Solutions to protect data privacy, address insider threats, and meet regulatory compliance - without changes to their existing applications, saving time and money.
Database Security Customers

Security Options

Oracle Database Vault
Oracle Advanced Security
Oracle Label Security

Related Technologies

Database Firewall
Audit Vault
Data Masking (pdf)
Secure Backup
Configuration Management
Identity Management

Discussion Forums

Audit Vault
OTN Cloud Promo RHS
  Oracle Live SQL

Oracle Database Cloud