Oracle's Data-Driven Security products and features centralize data access policies in Oracle Database 19c, standardizing security across all applications, both on-premises and on cloud. Oracle Label Security uses row level data classifications to enforce access controls restricting users to only the data they are allowed to access. It enables organizations to control their operational and storage costs by enabling data with different levels of sensitivity to co-mingle within the same database. Oracle Label Security also provides a cost-efficient way to address regulatory requirements for managing access to data on a need to know basis.
Oracle Label Security enables companies and government organizations to consolidate data with different access requirements (including government classified data) into the same database. It implements multilevel access controls based on the classification of the data and the access label of the application user. This powerful capability enables access to sensitive data associated with R&D projects, non-public financial information, or healthcare information to be enforced inside Oracle Database 18c.
Centralizing application data access policies using Oracle Label Security reduces application development time and complexity for every application. Updating and maintaining application data access security policies becomes easier since it can be done at one time and in one location.
Many organizations maintain multiple copies of the exact same application schema on different databases to segment data access to specific groups (each retail store, finance groups, government…). Maintaining multiple copies of the same database across the organization leads to higher maintenance costs along with difficulty in creating cross-organization reports. Unifying this data on a single database reduces operational overhead while maintaining the same separation of data access controls
With Oracle Label Security, sensitive projects such as research and development plans, merger and acquisition plans, or financial information are accessible to different people depending on their need-to-know. Label compartments can authorize the right people to view only the projects they have access to, eliminating the need to develop or re-code applications to meet row level access control requirements.
Financial revenue data that is managed by an organization can organize the data by groups using Oracle Label Security. Staff working with individual countries can be restricted to only seeing their own country’s data. Regional managers who oversee a group of countries can see all the country data in their region. Global managers can see the data from every country. And all the data resides securely in the same database tables, without the need to create separate tables and databases for each country. Reporting, data management and data security are simplified.
Oracle Label Security can consolidate data with different sensitivity levels into a single set of database tables. For example, data sensitivity levels can be defined as "Public", "Sensitive" and "Most Sensitive," with the ability to define more levels as needed. Depending on the user access level (public, employee, manager, executive, etc.) a user can access data up to the level they have access to. There is no need to keep separate tables to manage the same data – each row of data is labeled with levels. Managing the sensitivity of the data simplifies and enhances the security of the data throughout its lifetime.