The threat to data has never been greater. Oracle Database helps reduce the risk of a data breach and simplifies regulatory compliance with security solutions for encryption and key management, granular access controls, flexible data masking, comprehensive activity monitoring, and sophisticated auditing capabilities.
Data drives every organization. Learn how data security solutions from Oracle work together to preserve the confidentiality, integrity, and availability of data stored in databases.
Oracle again named the overall leader in the 2021 KuppingerCole Leadership Compass for Database and Big Data Security.
Explore all aspects of database security, including today’s threats, architectural diagrams, and how to use best practices to mitigate risks to sensitive data.
Databases are complex systems with hundreds of parameters, profile options, and configuration directives—an almost infinite combination of settings. A misconfigured database increases the risk of an exploit that gains unauthorized access. Oracle security solutions assess risks from security configurations and users and identify areas where those risks can be mitigated or eliminated.See database security solutions
Hackers can steal clear-text database data directly from the database, storage, exports, or backups. Most data privacy regulations require or encourage masking or encryption of data at-rest and in-motion. Oracle Database offers comprehensive encryption, key management, and masking capabilities that scale to enterprise-level workloads.
Privileged users manage databases, but should all of them be able to access sensitive data? Reduce data breach risk from hackers or misuse of insider trust. Enforce separation of duties and prevent data theft, even from accounts with compromised passwords. Use context-sensitive security policies to control sensitive database options.See database security solutions
A breach can be blocked or mitigated if inappropriate access attempts are detected quickly. Audit database activities and monitor SQL queries in real-time. Use built-in and customized reports to address compliance requirements.See database security solutions
Misconfigured systems are a common contributor to data breaches. Unauthorized privileges and role grants can also lead to the loss or misuse of data. Assess hundreds of configuration settings for databases to quickly find security issues and mitigate any risks.
Without encrypting data in transit over the network, it’s too easy for bad actors to simply “sniff” the network traffic and view potentially sensitive data. Without encrypting data at rest inside the database, anyone who gains access to the underlying storage (including data files, backups, and database exports) can use file system tools to read the data directly, bypassing both access controls and audit policies. With Oracle encryption solutions, you can:
Oracle Advanced Security provides transparent data encryption (TDE) and data redaction. It is an integrated database option, so no installation is required. Data encryption is explicitly designed to be transparent to database sessions.
Oracle Key Vault provides highly available key and secrets management.
Watch the Key Vault video (8:31)
Attackers frequently target test and development environments because they know that these environments are usually less likely to be monitored and often do not carry the same level of data protection controls. Data masking eliminates risk by replacing sensitive data with masked, artificial data so that even if there is a breach, no real data is lost. Identify and mask sensitive data quickly using templates and libraries.
Oracle Data Safe is a cloud service that scans your database for sensitive data and masks that sensitive data in nonproduction systems, removing the security risk.
Watch: Discover and Mask Sensitive Data with Data Safe (11:58)
Oracle Data Masking and Subsetting is a pack for Oracle Enterprise Manager that scans your database for sensitive data and masks that data in nonproduction systems to remove security risk. Data Masking and Subsetting also creates reduced-size copies of your data to minimize storage costs in nonproduction systems.
Almost all database breaches involve the use of compromised accounts. Hackers specifically target application service accounts and database administrators as they have unfettered, wide access to sensitive data. But with data access control, you can:
Protect data from unauthorized access, even by privileged users, and lockdown database commands with this integrated database option.
Webcast: Secure privileged user accounts
This integrated database option can be used to restrict user and application access to data based on classification, organization, and more.
In most cases, unauthorized access is discovered after an event—sometimes several months after the initial breach. During the time between breach and discovery, attackers can exfiltrate data from the database, increasing the amount of damage they cause. Early detection shrinks the time to exfiltrate data and reduces the severity of the breach. In some cases, early detection can prevent a data breach altogether.
Monitoring database activity supports investigations that can help identify what happened, when it happened, and what data was accessed. By auditing and monitoring user activity across Oracle (and other) databases and operating systems, you can:
Audits data collection, alerting, and compliance reporting cloud service for cloud and on-premises databases.
Watch: Provisioning Audit and Alert policies (8:36)
Watch: Analyze Audit Records and Alerts (7:26)
Cross-platform audit data collection, database activity monitoring, and flexible reporting, delivered as a software appliance.
Watch an overview of Oracle Audit Vault and Database Firewall (8:38)
Webcast: Database activity auditing
Get hands-on experience using Oracle security solutions with LiveLabs guided workshops.
Oracle Database security customers leverage a wide range of solutions to protect sensitive data from internal and external threats and to simplify and accelerate compliance efforts.
Michael Mesaros, Director of Product Management, Database Security
Oracle Data Safe delivers essential data security services for Oracle Databases, both in the cloud and on-premises, all through an accessible, easy-to-use cloud-based interface that requires no installation or deployment. Since launching Data Safe over two years ago, the product team has added several new capabilities and features. With the latest update to Oracle Data Safe, we have completed the migration of all Data Safe features to the Oracle Cloud Infrastructure (OCI) console.
Familiarize yourself with Oracle Database’s rich set of security features and options to manage user accounts, authentication, privileges, application security, encrypting data at rest and in motion, auditing, and more.
Explore Oracle’s robust documentation for database security to understand functionality, improve your own skills, and troubleshoot issues. Dedicated sections include access management, application security, data encryption and redaction, and more.
AskTOM Office Hours offers free, open Q&A sessions with the database security product management team. Office Hours helps you fully leverage the multitude of enterprise-strength database security tools available to your organization.
Discover content based on category, product, or content type with Oracle Learning Library. You can also learn new skills to help you develop your career and even collaborate with other users.
Oracle provides both the technology and the guidance you need to succeed at every step of your journey, from planning and adoption through to continuous innovation.
Oracle Cloud trial accounts include the ability to register one on-premises (or third-party cloud) database with Data Safe at no cost. Learn what Data Safe can do to simplify the work of securing your database.
Quickly assess database security posture and get recommendations to mitigate risks.
Explore the database security workshops on Oracle LiveLabs and try these solutions for yourself.
Talk to a team member about Oracle database security.