Protecting Applications and Databases

Maintaining a properly configured database and application is important in today's highly regulated environment. Auditors commonly look for undocumented database users and unapproved changes to applications. Application tables may change during patching and upgrades but rarely is a new table created except during major upgrades and product installations. A common security requirement facing organizations today is how to control usage of DDL commands by those who have these privileges, such as the database schema that owns the application. For example, internal development or support personnel may approach a junior DBA and request a temporary account in a production database to debug an open issue. Creating a new account in a production database can raise alarms with internal and external auditors.

The business drivers for this security requirement include:

• Separation of duty
• Secure configuration
• Strong internal control mandates in regulations such as Sarbanes-Oxley
• Protection of personally identifiable information (PII)

Oracle Database Vault provides security to address this common security requirement.

• Separation of duty
• Command Rules
• Multi-factor authorization
• Realms

Click here to learn how these can be used to protect your application and database environments: