Protecting Applications and Databases

Maintaining properly configured databases and applications is important in today's highly regulated environment. Auditors commonly look for undocumented database users and unapproved changes to applications. Application tables may change during patching and upgrades but rarely is a new table created except during major upgrades and product installations. A common security requirement facing organizations today is how to control usage of DDL commands by those who have these privileges, such as the database schema that owns the application. For example, internal development or support personnel may approach a junior DBA and request a temporary account in a production database to debug an open issue. Creating a new account in a production database can raise alarms with internal and external auditors.

The business drivers for this security requirement include:

	Separation of duty
	Secure configuration
	Strong internal control mandates in regulations such as Sarbanes-Oxley
	Protection of personally identifiable information (PII)

Oracle Database Vault provides security to address this common security requirement.

	Separation of duty
	Command Rules
	Multi-factor authorization
	Realms

Click here to learn how these can be used to protect your application and database environments:

Oracle Database Vault Customers Absa Group Ltd. (Success Story | Press Release) National Marrow Donor Program (OpenWorld 2011 Daily Newspaper) ROSS Stores (Listen) Hands-On Protect Application Data from DBA and Privileged Users (Viewlet | Oracle by Example) Restrict DBA commands based on IP address (Viewlet | Oracle by Example) Security Features Data Encryption Virtual Private Database Database Auditing Backup Encryption Export file encryption Proxy Authentication Enterprise User Security Secure Application Roles Fine Grained Auditing Related Technologies Database Firewall Audit Vault Data Masking (pdf) Secure Backup Oracle Database Lifecycle Management Identity Management

Technical Information Datasheet Overview Whitepaper Oracle Database Vault Best Practices DBA Administrative Best Practices with Oracle Database Vault Database Vault certified with SAP: (Overview Whitepaper | Datasheet) Database Vault certified with E-Business Suite Database Vault certified with Peoplesoft (Datasheet | Red Paper | Security policies) Database Vault certified with Siebel (Security policies) Database Vault certified with JD Edwards EnterpriseOne (Security policies) Database Vault certified with Oracle Financial Services (iFlex) Database Vault certified with Infosys Finacle Flash Demo Business Whitepaper Oracle Database Vault FAQ Security Options Oracle Database Vault Oracle Advanced Security Oracle Label Security Discussion Forums Security Audit Vault