Customers who book air tickets, tours, and travel services with Hanatour must provide the company with personal details, including address, contact phone numbers, date of birth, passport number, and payment information. These details, along with their airline and tour bookings and travel itineraries, are stored in Oracle Database. The confidential nature of this information means Hanatour must have robust security measures in place to protect the database from unauthorized access, both internally and externally.

In 2010, Hanatour launched a one-way and two-way codification project to protect private customer information. One-way encryption was applied to a variety of passwords. To provide an extra layer of protection for extremely sensitive customer data, the company adopted two-way encryption, which incorporates individual tablespaces (a unit of logical storage space in a database) to strengthen security. Each data table and index stored in a database is saved as a tablespace, increasing connectivity between the database and file systems and minimizing performance degradation.

By encrypting sensitive data, Hanatour can ensure that when the database is networked or performing backups it is highly protected from external attacks.

Internal security is crucial in the tour industry, as it requires employees to access customer information in the Oracle Database when making reservations and accepting payments. Hanatour recognized that it needed sound encryption, access, and audit control measures to ensure end-to-end security, and implemented Oracle Database Vault 11g Release 2 to control user access to information based on their authorization and assigned task.

Oracle Database Vault has multifactor policies that enable the company to control access based on factors such as time of day, IP address, application name, the amount of time the employee can use the system, and authentication method. This means a staff member with access to the database will not be able to randomly access information they have not been authorized to view. For example, a tour manager may have access to certain personal customer information for processing tour payments that a customer service representative doesn’t have.

Hanatour also used Oracle Database Vault to prevent external attacks by introducing access control to encrypted tables, which stops outsiders from viewing encrypted data in the database even if they manage to attain top-level administrator privileges. This prevents hackers from obtaining customers’ credit card details, passport numbers, and other revealing personal information.

Hanatour uses Oracle Audit Vault 11g Release 2 to track which staff member accessed the database, when they logged in and out, and what they did. The software collects this information every 30 seconds. Hanatour analyzes this data to see if there are any unusual activities, such as repeated access failures, enabling the company to take immediate action if it suspects a security breach.

The Oracle software also enables Hanatour to produce reports that show how it is complying with internal security requirements. In addition, the audit information is used when developing plans to strengthen the security of the company’s database and business systems

Hanatour upgraded from Oracle Database 10g to Oracle Database 11g Release 2 to take advantage of security and audit features in this release of Oracle Advanced Security, Oracle Database Vault, and Oracle Audit Vault.

Although the database upgrade was primarily to reinforce security, it has also delivered significant improvements in performance. The enhanced caching of Oracle Database 11g has reduced workloads generated by the large-capacity database, improving system response times by 35%. As a tour wholesaler deriving all its sales from customer information, the improved performance ensures staff can reliably access the customer database to complete reservations, modify bookings, and update payments.

Presently, Hanatour is increasing its throughput by applying the functionalities of Oracle Database 11g to the server-side result cache, so that the same query and result are stored in the memory and provided as a response. With technical support from Oracle, the company is also preparing to apply the same functionalities to the client-side result cache, which will enable the query result to be stored on the Web server so queries don’t need to go through the database for a response. Once this is achieved, Hanatour expects to reduce its database load and improve its query response rate.

Hanatour is also exploring other ways to extend the use of new features in Oracle Database 11g to further improve efficiency and performance.