Database security
The threat to data has never been greater. Oracle Database helps reduce the risk of a data breach and simplifies regulatory compliance with security solutions for encryption and key management, granular access controls, flexible data masking, comprehensive activity monitoring, and sophisticated auditing capabilities.
Data drives every organization. Learn how data security solutions from Oracle work together to preserve the confidentiality, integrity, and availability of data stored in databases.
Oracle again named the overall leader in the 2021 KuppingerCole Leadership Compass for Database and Big Data Security.
Explore all aspects of database security, including today’s threats, architectural diagrams, and how to use best practices to mitigate risks to sensitive data.
Why database security is critical
Mitigate risks from misconfigured databases
Databases are complex systems with hundreds of parameters, profile options, and configuration directives—an almost infinite combination of settings. A misconfigured database increases the risk of an exploit that gains unauthorized access. Oracle security solutions assess risks from security configurations and users and identify areas where those risks can be mitigated or eliminated.
See database security solutionsRender stolen data useless
Hackers can steal clear-text database data directly from the database, storage, exports, or backups. Most data privacy regulations require or encourage masking or encryption of data at-rest and in-motion. Oracle Database offers comprehensive encryption, key management, and masking capabilities that scale to enterprise-level workloads.
Restrict unauthorized access by privileged users
Privileged users manage databases, but should all of them be able to access sensitive data? Reduce data breach risk from hackers or misuse of insider trust. Enforce separation of duties and prevent data theft, even from accounts with compromised passwords. Use context-sensitive security policies to control sensitive database options.
See database security solutionsMonitor access and demonstrate compliance
A breach can be blocked or mitigated if inappropriate access attempts are detected quickly. Audit database activities and monitor SQL queries in real-time. Use built-in and customized reports to address compliance requirements.
See database security solutionsDatabase security solutions
Assess security posture and risk profile
Misconfigured systems are a common contributor to data breaches. Unauthorized privileges and role grants can also lead to the loss or misuse of data. Assess hundreds of configuration settings for databases to quickly find security issues and mitigate any risks.
- Establish a secure baseline configuration and detect drift from that configuration.
- Monitor database accounts and quickly detect new accounts or changes to privileges for existing accounts.
- Get recommendations on improving security with Oracle best practices, CIS benchmarks, DISA STIGs, and the EU General Data Protection Regulation (GDPR).
- Mitigate risks by determining the exposure level and required security controls for the sensitive and personal data in your database.
- Identify highly privileged users whose accounts could present critical risks to the database if compromised or misused.
Solutions
- Oracle Data Safe
User and security assessment cloud service for cloud and on-premises databases.
Watch the Data Safe video (1:49) - Oracle Audit Vault and Database Firewall
Introduces database security posture management with Release 20.9. It provides a fleet-wide, simplified, and centralized view of security configuration assessments for all your Oracle Databases, along with the security findings and associated risks.
- Oracle Database Security Assessment Tool
Download the assessment utility to evaluate database security at no cost.
Encryption is a fundamental security technology
Without encrypting data in transit over the network, it’s too easy for bad actors to simply “sniff” the network traffic and view potentially sensitive data. Without encrypting data at rest inside the database, anyone who gains access to the underlying storage (including data files, backups, and database exports) can use file system tools to read the data directly, bypassing both access controls and audit policies. With Oracle encryption solutions, you can:
- Reduce the impact of a data breach and noncompliance by encrypting data.
- Improve manageability and resiliency by adopting proper key management.
Solutions
- Oracle Advanced Security
Oracle Advanced Security provides transparent data encryption (TDE) and data redaction. It is an integrated database option, so no installation is required. Data encryption is explicitly designed to be transparent to database sessions.
- Oracle Key Vault
Oracle Key Vault provides highly available key and secrets management.
Watch the Key Vault video (8:31)
Eliminate risk in test and development environments
Attackers frequently target test and development environments because they know that these environments are usually less likely to be monitored and often do not carry the same level of data protection controls. Data masking eliminates risk by replacing sensitive data with masked, artificial data so that even if there is a breach, no real data is lost. Identify and mask sensitive data quickly using templates and libraries.
Solutions
- Oracle Data Safe
Oracle Data Safe is a cloud service that scans your database for sensitive data and masks that sensitive data in nonproduction systems, removing the security risk.
Watch: Discover and Mask Sensitive Data with Data Safe (11:58) - Oracle Data Masking and Subsetting
Oracle Data Masking and Subsetting is a pack for Oracle Enterprise Manager that scans your database for sensitive data and masks that data in nonproduction systems to remove security risk. Data Masking and Subsetting also creates reduced-size copies of your data to minimize storage costs in nonproduction systems.
Enforce the principle of least privilege
Almost all database breaches involve the use of compromised accounts. Hackers specifically target application service accounts and database administrators as they have unfettered, wide access to sensitive data. But with data access control, you can:
- Enforce separation of duties to control access based on security privileges.
- Identify sensitive data and ensure that administrators can manage the database, but not access the sensitive data.
- Ensure that access is within the proper context, according to organizational policy, when access to sensitive data is allowed.
- Control SQL commands and critical database operations based on multiple factors.
Solutions
- Oracle Database Vault
Protect data from unauthorized access, even by privileged users, and lockdown database commands with this integrated database option.
Webcast: Secure privileged user accounts - Oracle Audit Vault and Database Firewall
Define a trusted path to the application basis on the session, object, command, and SQL queries and create an application user profile for the known traffic and block deviations.
- Oracle Label Security
This integrated database option can be used to restrict user and application access to data based on classification, organization, and more.
Detect threats and monitor activity
In most cases, unauthorized access is discovered after an event—sometimes several months after the initial breach. During the time between breach and discovery, attackers can exfiltrate data from the database, increasing the amount of damage they cause. Early detection shrinks the time to exfiltrate data and reduces the severity of the breach. In some cases, early detection can prevent a data breach altogether.
Monitoring database activity supports investigations that can help identify what happened, when it happened, and what data was accessed. By auditing and monitoring user activity across Oracle (and other) databases and operating systems, you can:
- Detect and block threats in database activity.
- Simplify compliance reporting and help identify risky user behavior.
- Comply with CIS benchmarks and DISA STIG auditing requirements.
- Provision audit policies that balance the need to monitor activity with the impact of collecting and storing audit data.
Solutions
- Oracle Data Safe
Audits data collection, alerting, and compliance reporting cloud service for cloud and on-premises databases.
Watch: Provisioning Audit and Alert policies (8:36)
Watch: Analyze Audit Records and Alerts (7:26) - Oracle Audit Vault and Database Firewall
Cross-platform audit data collection, database activity monitoring, and flexible reporting, delivered as a software appliance.
Watch an overview of Oracle Audit Vault and Database Firewall (10:46)
Get hands-on experience using Oracle security solutions with LiveLabs guided workshops.
Oracle Database security customer successes
Oracle Database security customers leverage a wide range of solutions to protect sensitive data from internal and external threats and to simplify and accelerate compliance efforts.
SOHO Media Solutions Chooses Oracle Data Safe to Improve Database Security and Address GDPR Compliance
Oracle Data Safe Update Delivers a New Look and Enhanced Capabilities
Michael Mesaros, Director of Product Management, Database Security
Oracle Data Safe delivers essential data security services for Oracle Databases, both in the cloud and on-premises, all through an accessible, easy-to-use cloud-based interface that requires no installation or deployment. Since launching Data Safe over two years ago, the product team has added several new capabilities and features. With the latest update to Oracle Data Safe, we have completed the migration of all Data Safe features to the Oracle Cloud Infrastructure (OCI) console.
Resources
Introduction to Oracle Database security
Familiarize yourself with Oracle Database’s rich set of security features and options to manage user accounts, authentication, privileges, application security, encrypting data at rest and in motion, auditing, and more.
Oracle Database security documentation
Explore Oracle’s robust documentation for database security to understand functionality, improve your own skills, and troubleshoot issues. Dedicated sections include access management, application security, data encryption and redaction, and more.
AskTOM database security Office Hours
AskTOM Office Hours offers free, open Q&A sessions with the database security product management team. Office Hours helps you fully leverage the multitude of enterprise-strength database security tools available to your organization.
Continuing database security education
- Watch: Why Oracle Database Security? (8:15)
- Subscribe: Oracle Database Security monthly office hours
- Read: the latest database security blogs
- Practice: Get hands-on with database security
Discover content based on category, product, or content type with Oracle Learning Library. You can also learn new skills to help you develop your career and even collaborate with other users.
Critical patch updates, security alerts, and bulletins
The Oracle Playbook series
We've compiled the secrets to our people, process, and systems strategy. And we want to share it with you.
Get started
Try Data Safe at no cost
Oracle Cloud trial accounts include the ability to register one on-premises (or third-party cloud) database with Data Safe at no cost. Learn what Data Safe can do to simplify the work of securing your database.
Run the Database Security Assessment Tool
Quickly assess database security posture and get recommendations to mitigate risks.
Try the solutions for yourself
Explore the database security workshops on Oracle LiveLabs and try these solutions for yourself.
Contact sales
Talk to a team member about Oracle database security.