DoF wanted to address increasing concerns over insider threats, outsourced-staff’s access, and application consolidation by implementing strong controls for all access to sensitive application data. To that end, the organization needed a central audit repository with information on user and super-user activities, giving it the ability to monitor each database access, identify suspicious activities, and promptly act against any possible database intrusion. These capabilities also helped it to meet information security and audit compliance requirements and respond to pressure from fellow governmental organizations to ensure that the identities of budget contributors, government employees, and citizens were secure.
Collaborating with Oracle Advanced Customer Support to design and implement an end-to-end security solution for the existing Oracle Database environment, DoF leveraged Oracle Database Vault controls to help protect application data from unauthorized access and Oracle Advanced Security to encrypt all data and protect against theft. The organization automated the consolidation of audit data into a secure Oracle Database repository, protected by Oracle Database Vault, which enabled efficient monitoring and reporting, event alerting, and separation of duty to prevent fraud and errors related to sensitive information.
DOF used Oracle Enterprise Manager 12c to give database administrators full visibility of the physical and virtual infrastructure, saving them 25% in time spent on database provisioning, patching, and upgrading. Personal identification information about the staff is also safeguarded during database provisioning in nonproduction environments with Oracle Data Masking Pack, a feature of Oracle Enterprise Manager, which enables the replacement of sensitive columns with random realistic values to be used in application development and testing.
A parallel deployment of Oracle Audit Vault simplifies the job of IT security auditors and internal auditors by providing a wide range of reports—such as for privileged-user activity and changes to database structures—and it has empowered auditors with report-customization features, such as charts and graphs, so that they can detect suspicious or unauthorized activity faster. Data security administrators and auditors can manage, compare, and provision Oracle Database audit settings across the environment directly from the administration web interface, and this has helped to reduce overall maintenance costs. administrators and auditors can also manage audit settings using a centralized administrator interface where they receive automated alerts for any suspicious activity.
In addition, DoF deployed its servers as a disaster recovery and off-site backup solution in a clustered architecture, using Oracle Real Application Clusters. Real-time data replication with Oracle Active Data Guard helps identify a failure cause in the event of an outage and guarantees high availability and security of all data.