Serviço Federal de Processamento de Dados – Serpro is a public company that was created in 1964 to provide information technology (IT) and communications services to the public sector, and it is considered one of the largest, public IT organizations in the world. Serpro is known for its online, income-tax-filing system, ReceitaNet; national driver’s license and passport management; and the Brazilian foreign trade management system, Siscomex.
The most critical role Serpro performs is to secure citizen, municipal, and federal data. As such, the organization needed to adopt a reliable solution to protect this critical information. Serpro chose Oracle Audit Vault and Oracle Advanced Security solutions to establish an encryption framework that would support high volume access to Serpro’s database by its 8,000 internal users and for the management and prevention of unauthorized access. Further, by maintaining this level of security, Serpro can track database access and ensure security of confidential information.
The deployment of the Oracle Data Masking and Oracle Database Vault enabled Serpro to protect data, avoid undue access, and mask data as it transitions from the production environment to other environments, without violating data integrity rules. It also supports Serpro’s compliance with data privacy and protection standards, such as Sarbanes-Oxley; payment card industry standards; and data security standards required for protecting 60% of the federal government’s administrative data, which Serpro houses.
Oracle Audit Vault gave greater adherence to our database’s 100 systems, enabled greater access monitoring and limitations, and it enhanced our ability to comply with regulatory standards,” said Marcos Vinícius Mazoni, director/president, Serviço Federal de Processamento de Dados – Serpro.
“The six-month project involved 30 Serpro professionals and ten professionals from our partner IT7. The team defined security levels, tables by access permission type, and segmentation by job function and position within a tight timeframe—in the early mornings and on weekends—to avoid taxpayers’ peak usage times,” Vinícius Mazoni said.
“Oracle partner IT7 was present for the entire implementation and training period, assisting with the new processes, such as administrative and electronic authorization. It also demonstrated a high level of commitment to the project, interacting with everyone involved and reviewing and approving the logic of Serpro’s security standards. IT7’s team of professionals helped us to resolve issues related to database size and the critical nature of our data,” Mazonisaid.