South Koreans looking to book an overseas holiday invariably turn to Hanatour International Service, the country’s largest tour service company. The company, the leading provider of overseas travel services and air tickets for the past 12 years, has a network of tour service specialists in 26 regions, as well as travel agents overseas. Hanatour’s leading market position means it is consistently has ranked first for customer satisfaction and travel agency preference in consumer surveys.
To protect its reputation as a travel industry leading tour service operator, Hanatour upgraded to Oracle Database 11g Release 2, Enterprise Edition to take advantage of security and audit features in Oracle Advanced Security 11g Release 2, Oracle Database Vault 11g Release 2, and Oracle Audit Vault 11g Release 2. These enhanced features enabled the company to strengthen user access control, preventing unauthorized staff from viewing customer details, such as passport numbers. Hanatour has also improved database security, ensuring any hacking attempts are thwarted before customer data is accessed. Finally, the company has met compliance requirements by implementing audit measures to track database access.
Customers who book air tickets, tours, and travel services with Hanatour must provide the company with personal details, including address, contact phone numbers, date of birth, passport number, and payment information. These details, along with their airline and tour bookings and travel itineraries, are stored in Oracle Database. The confidential nature of this information means Hanatour must have robust security measures in place to protect the database from unauthorized access, both internally and externally.
In 2010, Hanatour launched a one-way and two-way codification project to protect private customer information. One-way encryption was applied to a variety of passwords. To provide an extra layer of protection for extremely sensitive customer data, the company adopted two-way encryption, which incorporates individual tablespaces (a unit of logical storage space in a database) to strengthen security. Each data table and index stored in a database is saved as a tablespace, increasing connectivity between the database and file systems and minimizing performance degradation.
By encrypting sensitive data, Hanatour can ensure that when the database is networked or performing backups it is highly protected from external attacks.
Internal security is crucial in the tour industry, as it requires employees to access customer information in the Oracle Database when making reservations and accepting payments. Hanatour recognized that it needed sound encryption, access, and audit control measures to ensure end-to-end security, and implemented Oracle Database Vault 11g Release 2 to control user access to information based on their authorization and assigned task.
Oracle Database Vault has multifactor policies that enable the company to control access based on factors such as time of day, IP address, application name, the amount of time the employee can use the system, and authentication method. This means a staff member with access to the database will not be able to randomly access information they have not been authorized to view. For example, a tour manager may have access to certain personal customer information for processing tour payments that a customer service representative doesn’t have.
Hanatour also used Oracle Database Vault to prevent external attacks by introducing access control to encrypted tables, which stops outsiders from viewing encrypted data in the database even if they manage to attain top-level administrator privileges. This prevents hackers from obtaining customers’ credit card details, passport numbers, and other revealing personal information.
Hanatour uses Oracle Audit Vault 11g Release 2 to track which staff member accessed the database, when they logged in and out, and what they did. The software collects this information every 30 seconds. Hanatour analyzes this data to see if there are any unusual activities, such as repeated access failures, enabling the company to take immediate action if it suspects a security breach.
The Oracle software also enables Hanatour to produce reports that show how it is complying with internal security requirements. In addition, the audit information is used when developing plans to strengthen the security of the company’s database and business systems
Hanatour upgraded from Oracle Database 10g to Oracle Database 11g Release 2 to take advantage of security and audit features in this release of Oracle Advanced Security, Oracle Database Vault, and Oracle Audit Vault.
Although the database upgrade was primarily to reinforce security, it has also delivered significant improvements in performance. The enhanced caching of Oracle Database 11g has reduced workloads generated by the large-capacity database, improving system response times by 35%. As a tour wholesaler deriving all its sales from customer information, the improved performance ensures staff can reliably access the customer database to complete reservations, modify bookings, and update payments.
Presently, Hanatour is increasing its throughput by applying the functionalities of Oracle Database 11g to the server-side result cache, so that the same query and result are stored in the memory and provided as a response. With technical support from Oracle, the company is also preparing to apply the same functionalities to the client-side result cache, which will enable the query result to be stored on the Web server so queries don’t need to go through the database for a response. Once this is achieved, Hanatour expects to reduce its database load and improve its query response rate.
Hanatour is also exploring other ways to extend the use of new features in Oracle Database 11g to further improve efficiency and performance.
Hanatour has been using Oracle Database for several years. When it first selected Oracle, the company was looking for a stable database to minimize risk and which offered robust user access controls.
“Our business is based on providing detailed service. We do not want anything to go wrong on a customer’s holiday that will inconvenience them,” said Kim Jin-hwan, director of the IT department at Hanatour International Service. “Lost data or any disruptions to our system would affect our ability to provide optimum service.
“We upgraded to Oracle Database 11g Release 2 to improve performance and take advantage of new security features, which would minimize the risk of losing confidential customer data and strengthen our database and systems from unlawful access.”
Hanatour engaged Oracle Partner Wizbase to upgrade the Oracle Database and implement the new security and audit features. The upgrade was completed in February 2010, and the database went live in April, followed by a period of fine-tuning to optimize performance. Hanatour has been using Oracle Database 11g for two years with no system interruption or performance deterioration.
Advice from Hanatour International Service
Wizbase has worked with Hanatour for more than a decade. The integrator used its understanding of Hanatour’s business and legacy system to design a custom database solution for the tour service operator.
In 2008, the Korean Government implemented the Electronic Communication Privacy Act, which required certain industries to tighten the security of private information. Wizbase developed a solution that would allow Hanatour to encrypt data and implement audit and access controls without the need to extensively modify its legacy systems. Wizbase then conducted four database performance tests before helping Hanatour select Oracle Database as best for its needs.
“Wizbase has played a major role in the stable operation of our information systems for more than a decade,” said Jin-hwan. “Its efforts in helping us make effective use of Oracle Database’s various features have helped us maintain our leading position in the Korean travel industry.”