No results found

Your search did not match any results.

Oracle Customer Success — Abu Dhabi Department of Finance

Abu Dhabi Department of Finance

Abu Dhabi Department of Finance Creates a Fully Secure IT Environment for Delivering Public Service

Share
 

Most information—including financial, budgetary, HR, payroll, and customs management data—that transits through our systems supports the financial strategy of various Abu Dhabi government bodies. Leakage of sensitive information can have disastrous consequences. With Oracle Advanced Security, we can guarantee that all information processed by Abu Dhabi government entities is safeguarded.

— Dr. Hazem EL Khatib, IT Director, Abu Dhabi Department of Finance

Established in 1962, the Abu Dhabi Department of Finance (DoF) plays a vital role in providing 67 entities of Abu Dhabi government with best-of-breed financial services. DoF aims to enhance the prosperity of the emirate by contributing to economic growth, promoting private sector participation, and supporting the Abu Dhabi government’s efforts to be one of the top five governments in the world.

DoF processes highly sensitive information across all public service sectors in the emirate and is accountable to Abu Dhabi government entities for ensuring that all data—from budgets to payrolls—are fully protected against outside attacks, malicious codes, intentional and unintentional damage, transfer onto removable devices, and theft. DoF worked with Oracle Advanced Customer Support Services to design and implement an end-to-end security solution for the existing Oracle Database environment, and deployed Oracle Advanced Security to safeguard sensitive information against intrusion, unauthorized activities, leakage, and theft.
  • Supporting the Government of the Future
    Since late 2005, Abu Dhabi government has pursued a far-reaching service transformation program that transcends all governmental departments, authorities, and administrations. This program strives to make the Abu Dhabi government more effective and efficient in delivering modern services to its customer base using a multitude of delivery channels. Empowered by robust information technology solutions and fulfilled by a highly skilled workforce, the program has the key objective of establishing a modern, efficient, and constituent-centric e-government to match the best in the world.

    DoF is responsible for providing specialized financial services and solutions for all governmental entities in the emirate of Abu Dhabi, continuously developing and implementing financial legislation and policies across the emirate. As part of this role, DoF deployed a shared services platform built on Oracle hardware and software in a private cloud, consolidating financial management operations including budgeting, planning, purchasing, cash management, payroll, reporting, and compliance across 64 Abu Dhabi government entities. To measure and demonstrate compliance, DoF decided to implement security policies that protect the organization’s data, users, and applications from accidental, inappropriate, or unauthorized actions and enforce best practices for auditing and user accountability.

    As a result, DoF enabled government entities—such as municipalities, transportation, and tourism authorities—to improve core competencies by relieving them of the burden of managing their own financial systems.
  • Secure Environment for Delivering Public Service
    DoF wanted to address increasing concerns over insider threats, outsourced-staff’s access, and application consolidation by implementing strong controls for all access to sensitive application data. To that end, the organization needed a central audit repository with information on user and super-user activities, giving it the ability to monitor each database access, identify suspicious activities, and promptly act against any possible database intrusion. These capabilities also helped it to meet information security and audit compliance requirements and respond to pressure from fellow governmental organizations to ensure that the identities of budget contributors, government employees, and citizens were secure.

    Collaborating with Oracle Advanced Customer Support to design and implement an end-to-end security solution for the existing Oracle Database environment, DoF leveraged Oracle Database Vault controls to help protect application data from unauthorized access and Oracle Advanced Security to encrypt all data and protect against theft. The organization automated the consolidation of audit data into a secure Oracle Database repository, protected by Oracle Database Vault, which enabled efficient monitoring and reporting, event alerting, and separation of duty to prevent fraud and errors related to sensitive information.

    DOF used Oracle Enterprise Manager 12c to give database administrators full visibility of the physical and virtual infrastructure, saving them 25% in time spent on database provisioning, patching, and upgrading. Personal identification information about the staff is also safeguarded during database provisioning in nonproduction environments with Oracle Data Masking Pack, a feature of Oracle Enterprise Manager, which enables the replacement of sensitive columns with random realistic values to be used in application development and testing.

    A parallel deployment of Oracle Audit Vault simplifies the job of IT security auditors and internal auditors by providing a wide range of reports—such as for privileged-user activity and changes to database structures—and it has empowered auditors with report-customization features, such as charts and graphs, so that they can detect suspicious or unauthorized activity faster. Data security administrators and auditors can manage, compare, and provision Oracle Database audit settings across the environment directly from the administration web interface, and this has helped to reduce overall maintenance costs. administrators and auditors can also manage audit settings using a centralized administrator interface where they receive automated alerts for any suspicious activity.

    In addition, DoF deployed its servers as a disaster recovery and off-site backup solution in a clustered architecture, using Oracle Real Application Clusters. Real-time data replication with Oracle Active Data Guard helps identify a failure cause in the event of an outage and guarantees high availability and security of all data.
 
Challenges
  • Meet information security and audit-compliance requirements by creating a central audit repository with information on user and super-user access activities with better tracking of accounts and privileges to improve management
  • Address increasing concerns about insider threats, outsourced staff’s access, and application consolidation by implementing strong controls for all access to sensitive application data
  • Protect sensitive staff information, such as financial, personal, and payroll details to better comply with international data-security regulations
  • Gain the ability to promptly act against any possible database intrusion by monitoring each database access and identifying suspicious activities, such as sensitive information leakage
Results
  • Protected the organization’s sensitive data from unauthorized access by creating a first line of defense for databases with Oracle Audit Vault and Database Firewall, which helped monitor and enforce application-use behavior to prevent malicious activity, such as application bypasses, from reaching the databases
  • Saved 25% of database administrators’ time by using Oracle Enterprise Manager 12c to provide complete visibility into the physical and virtual infrastructure
  • Consolidated audit data into a secure Oracle Database repository—protected by Oracle Database Vault—and enabled efficient monitoring and reporting, event alerts, and separations of duties to prevent fraud and errors related to sensitive information
  • Improved the organization’s ability to comply with external regulations and internal policies by reducing the time and effort required to detect potential security issues and demonstrate that mandated controls are effective
  • Enabled data-security administrators and auditors to manage, compare, and provision Oracle Database auditing settings across the environment directly from the administration web interface, reducing overall maintenance costs
  • Gained out-of-the-box visibility into information-altering activities—including details on what information was accessed by whom, at what time, and from which location—to protect application data from unauthorized access and comply with international IT security standards such as ISO/IEC 27001
  • Used Oracle Enterprise Manager 12c to extract a wide range of reports—such as privileged-user activity and changes to database structures—and empowered auditors with report-customization features, such as charts and graphs to help detect suspicious or unauthorized activity faster
  • Centralized the management of Oracle Database audit settings in the administrator’s interface and automated alerts for suspicious activity— simplifying IT security and internal auditing
  • Encrypted application data written to database files with Oracle Advanced Security’s transparent data encryption to keep data secure in the event of unauthorized access to files at the operating-system level, from discarded disk drives, and also from off-site backup disks
  • Safeguarded personal information of staff and citizens during database provisioning in nonproduction environments
  • Ensured real-time data replication with Oracle Active Data Guard to easily generate activity audits, helping to identify failure causes and prevent similar events in the future

 

Oracle’s strategy of engineering and integrating hardware and software to work best together, as well as the great tools and best practices that the Oracle Advanced Customer Support Services team brings to the table, guarantee that DoF and its constituents benefit from in-depth IT security that covers every layer of our cloud architecture. Following the advice of Abu Dhabi Systems & Information Centre, DoF chose Oracle for most of its infrastructure and applications. Multiple auditors tried to find a weak point in our security but they did not identify anything, so we’re really pleased with the result.

— Dr. Hazem EL Khatib, IT Director, Abu Dhabi Department of Finance

About Abu Dhabi Department of Finance

Headquarters

 
Abu Dhabi, United Arab Emirates
Published:  Dec 02, 2014