An introduction to Oracle’s maximum security architecture

Many databases need more protection beyond baseline security. With Oracle, database security is available whether you adopt an on-premises database or a cloud-based database via Oracle Autonomous Database.

Autonomous Database

Discuss your baseline security questions or organise an assessment of your critical databases with an Oracle specialist.

Security is the cost of doing business

Security is a cost of doing business

Companies often tout that data is their greatest asset for competition and differentiation. Now, more than ever, modern businesses rely on data to optimize their decisions, unlock new business opportunities, and differentiate themselves from competitors. At the same time, companies are challenged to protect their growing volume of data from increasing security threats that could ruin their brand and profits.

Hacking is a proven risk for all companies. Sensitive data is a prime target for data thieves for profiteering and/or espionage. Risk is a product of threat, value, vulnerability, and impact. To reduce that risk, companies must prioritise data security.

What does it take to truly secure a database?

Securing your Oracle Database is critical to keep your sensitive data safe and stay compliant with the many, new privacy regulations throughout the world. Whether it’s your intellectual property, financial data, personal data about customers or staff, or (more likely) a combination of all three, your data is extremely valuable. And users and applications need to use the data and connect to the database.

To protect your data from theft and misuse, you need security controls that restrict access to data according to your policy.

Oracle is the database of choice for most large organisations. Oracle Databases contain the majority of the world’s relational data. More importantly, Oracle Database Enterprise Edition has native security options. All you need to do is turn them on.

Securing an Oracle Database
Protect your critical data assets Protect your critical data assets

Download this free technical brief to discover how you can reduce and manage data security risks. Learn how you can streamline and enhance data security using integrated services from Oracle Advanced Customer Services.

Reinforce your cybersecurity Reinforce your cybersecurity

Explore all the benefits of integrated security services and how Oracle Advanced Customer Services can help you push back against the growing attack surface and persistent attackers.

Security zones of control

An effective database security strategy depends on several security controls working together in unison. These controls can be divided into three categories: assess, detect, and prevent.

  • Assess

    Assess the current state of the database.

  • Detect

    Detect attempts to access data, especially attempts that violate policy.

  • Prevent

    Prevent inappropriate or out-of-policy access to data.

Security zones of control

How are databases attacked?

Databases are valuable repositories of sensitive information, and attackers are almost always going to target them. Before we think about defending against these types of attacks, let’s look at how they normally occur.

If the attackers can’t compromise an administrator account, your end user accounts are their next targets. Even with lower access privileges, user accounts are often a useful stepping stone, and hackers will often use SQL injection attacks to get that desired administrator access.

Applications also make attractive targets because they are frequently more exposed than the database or database server—often they are even available from outside the corporate firewall. If an attacker manages to penetrate the internal network, they may choose to go after data travelling over that network: data in transit, rather than at rest. This type of attack is much less likely to be detected than attempts to access the database directly.

Other popular attack targets are the underlying data files, database backups, and database exports. Here again, if the attacker is successful, they may be able to gain access to the data in the database without ever having to try to log into it.

Hackers often utilise automated attack toolkits to exploit patching vulnerabilities or find nonproduction copies of the data. In many cases, the test and development instances are just clones of production and have almost no security controls or data masking for sensitive data.

Is Baseline Security enough protection?

Depending on how many users you have and the types of data and number of databases across your organisation, you may want to implement centralized authentication that integrates LDAP with Oracle security.

Oracle Database offers a comprehensive auditing capability that can be used to audit database connections (especially failed logins); data control language, including the creation of users and privilege grants; and data definition language, such as the creation of stored procedures in the database. This level of auditing presents minimal performance impact.

Is a baseline security posture appropriate for the level of risk presented by your data? Or should you do more to protect your data now that you could be facing penalties for a data breach or leak?

Baseline Security

Gain greater security with maximum security architecture

An effective database security strategy is going to take several different security controls, all working together. Here’s how you can implement a secure architecture that is focused on assessing, detecting, and preventing current and potential threats.

  • The common plan includes assessing security, detecting inappropriate activity, and preventing unauthorized access to data, but there is a fourth type of security control that is unique to databases: data-driven security. This approach provides fine-grained access control at the data row or column level. Oracle offers a variety of data-driven security features, including Real Application Security, that work together to create the maximum security architecture.

  • Not every database needs the entire maximum security architecture, but many large databases need more protection beyond baseline security, including:

    • Transparent data encryption
    • Data masking and redaction
    • Separate administrator management from data access
    • Event auditing to detect break-ins and theft attempts

Get started

Book a security assessment or review your baseline

Get in touch with an Oracle security specialist to discuss your baseline security questions. Or organise a complete assessment of your critical databases.