Security Inside Out Edition
Oracle Corp
June 2011 Stay Connected: Blog TwitterFacebook Blog TwitterFacebook
Back to the main page
Safeguard Your Data from Threats with Oracle Database Vault

A series of recent high-profile security breaches has dramatically underscored the fact that many organizations—large and small— must consider new, more-effective ways of securing sensitive information, including Oracle Database Vault.

We asked Paul Needham, senior director of database security product management, to give us a brief primer on Oracle Database Vault, and how it might have helped prevent the recent spate of security breaches.

Q: What are the data threats organizations are faced with today?

A: The past 36 months has revealed an unprecedented increase in attacks on data. Several large attacks targeted database accounts as a means of accessing application data. Setting aside the means by which attackers got credentials, the question becomes: how can the damage from a compromised account be dramatically reduced or blocked altogether? It’s not if an organization is going to be compromised, but when.

In many ways the situation we’re in today should not be a huge surprise to anyone. Looking at the evolution of applications and IT operations, the fact is everyone has been asked to do more with less. There’s increasing pressure to deliver new applications in less time, deliver increased access to data for analytical processing, and do all this with fewer database administrators. The end result is applications today are pretty open on the back end. What I mean is, administrative accounts within Oracle and non-Oracle databases have access to sensitive application data.

Q: How can Oracle Database Vault increase security and prevent access to data?

A: Oracle Database Vault helps enforce a trusted path to the application data. To be clear, privileged administrative accounts within the database, shared or otherwise, are a reality in today’s IT world and must be blocked from having ad hoc access to the application data. This is absolutely critical in preventing compromised database accounts from being used to access, copy, update, or perform a multitude of other unauthorized actions.

Of course, we cannot exclude the insider threat as well. Oracle Database Vault realms are one of the many features customers find hugely beneficial, and I believe it is critical to increasing the security of existing applications. Oracle Database Vault includes multifactor command rules, which control access based on built-in factors such as time of day, IP address, application name, and more. Command rules can be used to prevent unauthorized ad hoc access to data from unauthorized tools and enforce policies that prevent database changes.

Q: What is the most common Oracle Database Vault misperception?

A: That’s an easy one: “I only have one DBA so I don’t need Oracle Database Vault.” There is a widespread belief that if an organization has a single or small number of DBAs, that Oracle Database Vault adds limited value. This could not be further from the truth. In fact, I suggest that Oracle Database Vault is even more important in these environments than in larger environments, where role delegation is more defined.

Q: Is Oracle Database Vault difficult to deploy?

A: Not at all. Does it take some familiarization? Yes, a little. Oracle Database Vault enforces best practices and dramatically increases security around application data. This is critical, as more and more data is consolidated onto a single platform for cost savings, increased analytical processing, and cloud computing. Oracle Database Vault comes with out-of-the-box policies to get you up and running fast. And it is certified for a variety of applications, including Oracle E-Business Suite, Oracle’s PeopleSoft, Oracle’s Siebel CRM, Oracle’s JD Edwards EnterpriseOne, and SAP applications.

Find out more about Oracle Database Vault.

Back to Top
Oracle Information InDepth newsletters bring targeted news, articles, customer stories, and special offers to business people who want to find out how to streamline enterprise information management, measure results, improve business processes, and communicate a single truth to their constituents.

Please send questions or comments to

For answers to questions about subscribing, unsubscribing, and managing your Oracle e-mail communications preferences, please see the Oracle E-Mail Communications page.

Copyright © 2011, Oracle Corporation and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor is it subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.