Oracle Press Release

Oracle® Database Vault Increases Security of SAP® Application Data

Oracle Database Vault Offers Out of the Box Security to Facilitate Data Privacy and Regulatory Compliance for SAP Applications

Oracle OpenWorld, San Francisco, Calif. – October 13, 2009

News Facts

In a move to provide customers with increased security for mission-critical SAP® application data, Oracle today announced the certification of Oracle® Database Vault for use with SAP applications.
Oracle Database Vault enables organizations to efficiently increase security and address regulatory compliance by controlling who, when, where and how existing SAP application data can be accessed by any users, including privileged database users such as database administrators (DBAs).
Using Oracle Database Vault, organizations can further ensure that database users cannot by-pass SAP application security features and access SAP application data directly using ad-hoc database query tools.

Safeguarding Access to Sensitive Application Data

Oracle Database Vault establishes protective realms around SAP application database objects to prevent privileged database user access to sensitive data and to enforce separation of duties among privileged database users.
Oracle Database Vault provides the following default realms to protect the SAP application and data within the database:
Application Protection Realms for ABAP™ and the Java stacks: Protects all the sensitive SAP business data against unauthorized access from the privileged database users, and maintains the integrity of the SAP database structures;
Application Administration Realm for BR*Tools: Securely protects the integrity of all Oracle Database objects such as tables and indexes that are used by the BR*Tools and guards against unauthorized changes from other privileged database users;
Application Protection Realm for Admin Roles: protects SAP administration roles including SAPCONN, SAPDBA, SAPCRED, and SAPSYS from being granted except by the authorized administrator, and provides separation of duty; and,
Application Credential Protection Realm: protects the SAP application credential data from any unauthorized access or changes by privileged database user, and enhances separation of duty.
Default Oracle Database Vault multi-factor command rules help prevent SAP application security by-pass. Customers can further customize and add rules to address additional security requirements. Oracle Database Vault comes with numerous pre-defined command rule factors such as time of day, day of week and system address, and organizations can build custom factors using the Oracle Database Vault API.
SAP application data can be further protected using Oracle Advanced Security, which was previously certified for SAP solutions. Oracle Advanced Security provides transparent data encryption to prevent unauthorized access to SAP application data outside the database, and complements Oracle Database Vault protection for SAP application data within the database.
Oracle Database Vault is now certified with Oracle’s JD Edwards EnterpriseOne, Oracle’s Siebel CRM, Oracle’s PeopleSoft Enterprise, the Oracle E-Business Suite and SAP solution-based environments running on Oracle Database to protect the underlying data.

Supporting Quotes

“Data is the lifeline of any business and must be safeguarded not only for compliance reasons, but for the health of the organization and its customer relationships,” said Vipin Samar, vice president of Database Security, Oracle. “Oracle Database Vault proactively and transparently safeguards application data, preventing unauthorized access and providing customers with the necessary database security technology to help achieve regulatory compliance. Today’s certification extends that protection to SAP environments, allowing customers to protect their critical business information.”
“Protecting mission-critical data within the Oracle Database is important for SAP customers,” said Dr. Christian Graf, development manager, Database Platforms, SAP AG. “Through our SAP support for Oracle Database Vault, SAP customers will be able to enjoy the protection they have come to expect.”
“Oracle Database Vault is helping Hydro One to further address regulatory compliance,” said Norman Crook, Director IT Service Delivery, Business Information Technology, Hydro One Networks Inc. “With Oracle Database Vault, Hydro One is positioned to complete the final stages of the SAP security roadmap, further strengthening the security policies safeguarding our data.”

Supporting Resources

Download a free, evaluation version of Oracle Database Vault. Terms, conditions and restrictions apply.

Oracle Innovation Showcase

For more than 32 years, Oracle has been a technology innovator, transforming the way business is conducted. To learn about Oracle’s latest technologies and history of innovation, visit the Innovation Showcase at oracle.com/innovation. And during Oracle OpenWorld (October 11-15), you can hear and interact with innovators from Oracle and its partners at oracle.com/openworld.

About Oracle Database Security

For more than 30 years, Oracle has led the industry in securing sensitive data. Oracle Database 11g addresses today’s data security challenges from data encryption, access control, and data classification, to audit and compliance reporting, as well as secure deployments and data masking. The comprehensive portfolio of security solutions for Oracle Database 11g, including Oracle Advanced Security, Oracle Database Vault, Oracle Label Security, Oracle Data Masking, and Oracle Audit Vault, helps organizations to transparently safeguard against data breaches and to achieve regulatory compliance without requiring changes to existing applications. To learn more about how to save time and money protecting data with Oracle Database 11g today, please visit: http://www.oracle.com/database/security.

About Oracle

Oracle (NASDAQ: ORCL) is the world's largest business software company. For more information about Oracle, please visit our Web site at http://www.oracle.com.

Trademarks

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. SAP, ABAP and all SAP logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries.
Other names may be trademarks of their respective owners.
SAP Forward-looking Statement
Any statements contained in this document that are not historical facts are forward-looking statements as defined in the U.S. Private Securities Litigation Reform Act of 1995. Words such as “anticipate,” “believe,” “estimate,” “expect,” “forecast,” “intend,” “may,” “plan,” “project,” “predict,” “should” and “will” and similar expressions as they relate to SAP are intended to identify such forward-looking statements. SAP undertakes no obligation to publicly update or revise any forward-looking statements. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations The factors that could affect SAP's future financial results are discussed more fully in SAP's filings with the U.S. Securities and Exchange Commission ("SEC"), including SAP's most recent Annual Report on Form 20-F filed with the SEC. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates.

Contact Info

Eloy Ontiveros
Oracle
+1.650.607.6458
eloy.ontiveros@oracle.com

Kristin Reeves
Blanc & Otus for Oracle
+1.415.856.5145
kreeves@bando.com