Hanatour International Service Tightens Customer Data Security by Introducing Data Encryption, Access Control, and Audit Solutions
 
Oracle 1-800-633-0738
Find an Oracle Specialized Partner
Oracle Customer Programs
 
 

Hanatour International Service Tightens Customer Data Security by Introducing Data Encryption, Access Control, and Audit Solutions

South Koreans looking to book an overseas holiday invariably turn to Hanatour International Service, the country’s largest tour service company. The company, the leading provider of overseas travel services and air tickets for the past 12 years, has a network of tour service specialists in 26 regions, as well as travel agents overseas. Hanatour’s leading market position means it is consistently has ranked first for customer satisfaction and travel agency preference in consumer surveys.

To protect its reputation as a travel industry leading tour service operator, Hanatour upgraded to Oracle Database 11g Release 2, Enterprise Edition to take advantage of security and audit features in Oracle Advanced Security 11g Release 2, Oracle Database Vault 11g Release 2, and Oracle Audit Vault 11g Release 2. These enhanced features enabled the company to strengthen user access control, preventing unauthorized staff from viewing customer details, such as passport numbers. Hanatour has also improved database security, ensuring any hacking attempts are thwarted before customer data is accessed. Finally, the company has met compliance requirements by implementing audit measures to track database access.

 
Data Encryption Protects Against External Attacks

A word from Hanatour International Service

  • “We upgraded to Oracle Database 11g Release 2 to improve performance and take advantage of new security features, which would minimize the risk of losing confidential customer data and strengthen our database and systems from unlawful access.” – Kim Jin-hwan, Director, IT Department, Hanatour International Service

Customers who book air tickets, tours, and travel services with Hanatour must provide the company with personal details, including address, contact phone numbers, date of birth, passport number, and payment information. These details, along with their airline and tour bookings and travel itineraries, are stored in Oracle Database. The confidential nature of this information means Hanatour must have robust security measures in place to protect the database from unauthorized access, both internally and externally.

In 2010, Hanatour launched a one-way and two-way codification project to protect private customer information. One-way encryption was applied to a variety of passwords. To provide an extra layer of protection for extremely sensitive customer data, the company adopted two-way encryption, which incorporates individual tablespaces (a unit of logical storage space in a database) to strengthen security. Each data table and index stored in a database is saved as a tablespace, increasing connectivity between the database and file systems and minimizing performance degradation.

By encrypting sensitive data, Hanatour can ensure that when the database is networked or performing backups it is highly protected from external attacks.

 
Strengthening Internal Security

 
Keeping a Clear Audit Trail

 
Ensuring Stability in the Customer Database

 
 

 
 

Challenges

  • Install robust security measures to protect its Oracle Database, which contains confidential customer data such as passport numbers and credit card details, from unauthorized internal and external access
  • Provide an audit trail of database access to meet reporting and compliance requirements
  • Ensure the stability of the customer database to ensure staff can process customer travel bookings and payments reliably

Solutions

  • Engaged Oracle Partner Wizbase to upgrade to Oracle Database 11g Release 2 and implement new user access and audit features
  • Secured customers’ private information by using the advanced security features of Oracle Database 11g to implement one-way and two-way data encryption
  • Protected confidential data from external attacks when it leaves the database over the network or via backups, by encrypting tablespaces in the database that contain sensitive information, such as customers’ passport numbers and credit card information
  • Implemented control access based on individual authorizations and assigned tasks a staff members to ensure that those with access to the database will not be able to randomly access information they have not been authorized to view
  • Prevented attacks from hackers by blocking access to the Oracle Database ,even if they manage to attain top-level administrator privileges
  • Created an audit trail of database access, enabling the company to spot suspicious activities and take action immediately
  • Enabled the production of reports that show compliance with internal security requirements
  • Used audit information to develop security plans to strengthen the company’s travel database and systems
  • Improved database response times by 35%, such as responding to queries for touring information, by reducing database workloads following the upgrade

Why Oracle

Hanatour has been using Oracle Database for several years. When it first selected Oracle, the company was looking for a stable database to minimize risk and which offered robust user access controls.

“Our business is based on providing detailed service. We do not want anything to go wrong on a customer’s holiday that will inconvenience them,” said Kim Jin-hwan, director of the IT department at Hanatour International Service. “Lost data or any disruptions to our system would affect our ability to provide optimum service.

“We upgraded to Oracle Database 11g Release 2 to improve performance and take advantage of new security features, which would minimize the risk of losing confidential customer data and strengthen our database and systems from unlawful access.”

Implementation Process

Hanatour engaged Oracle Partner Wizbase to upgrade the Oracle Database and implement the new security and audit features. The upgrade was completed in February 2010, and the database went live in April, followed by a period of fine-tuning to optimize performance. Hanatour has been using Oracle Database 11g for two years with no system interruption or performance deterioration.

Advice from Hanatour International Service

  • Work with an implementation partner that understands the unique needs of your industry and business, including security and compliance requirements
  • Take a long-term perspective of your security needs when developing a security solution, and don’t look for short-term fixes

Partner

  Wizbase has worked with Hanatour for more than a decade. The integrator used its understanding of Hanatour’s business and legacy system to design a custom database solution for the tour service operator.

In 2008, the Korean Government implemented the Electronic Communication Privacy Act, which required certain industries to tighten the security of private information. Wizbase developed a solution that would allow Hanatour to encrypt data and implement audit and access controls without the need to extensively modify its legacy systems. Wizbase then conducted four database performance tests before helping Hanatour select Oracle Database as best for its needs.

“Wizbase has played a major role in the stable operation of our information systems for more than a decade,” said Jin-hwan. “Its efforts in helping us make effective use of Oracle Database’s various features have helped us maintain our leading position in the Korean travel industry.”