Oracle MAA

1
(No Transcript)
2
(No Transcript)
3
Oracle Data Processing Security
Prezentacja wybranych elementów oferty
technologicznej Oracle
Michal Jerzy Kostrzewa Central Europe Cluster
Technology Solution Sales Manager Michal.Kostrzewa
_at_Oracle.com
Tallinn, 18th March 2008 r.
4
Agenda

• Customer needs
• Technological offering
• Data protection holistic approach

5
Customer needs
6
Data processing security

• Economic factor
• How much costs 1 hour of downtime ?
• How much costs 1 hour of slowdown ?
• Non-economic factor
• Institution credibility requires credibility of
  operations
• Customer perception
• Legal regulations (SOX, Basel, etc.)
• Correct results
• Confidentiality

7
Securing against known unknown

• Problems with IT environment
• IT Infrastructure
• Hardware, Software, Communication (network, etc)
• Human factor
• Errors, Attacks
• External factors
• Fire, flood, earthquake, coal mine damages...
• Terrorist attacks, military actions

8
Ensuring secure, continuous data processing

• Infrastructure
• HA configurations (MAA)
• BR, DR solutions
• Access control audit
• Security policies
• Security is about policy
• Independent evaluation/tests
• Practice procedures
• E.g. Separation of production/dev/test
  environments

9
Technological offering
10
Oracle Database Security Products

• Access Control
• Oracle Database Vault
• Oracle Label Security

• User Management
• Oracle Identity Management
• Enterprise User Security

Core Platform Security

• Monitoring
• Oracle Audit Vault
• EM Configuration Pack

• Data Protection
• Oracle Advanced Security
• Oracle Secure Backup
• Oracle Total Recall

11
Oracle Database Security Products

• Access Control
• Oracle Database Vault
• Oracle Label Security

• User Management
• Oracle Identity Management
• Enterprise User Security

Core Platform Security

• Monitoring
• Oracle Audit Vault
• EM Configuration Pack

• Data Protection
• Oracle Advanced Security
• Oracle Secure Backup
• Oracle Total Recall

12
Oracle Database Security Products

• Access Control
• Oracle Database Vault
• Oracle Label Security

• User Management
• Oracle Identity Management
• Enterprise User Security

Core Platform Security

• Monitoring
• Oracle Audit Vault
• EM Configuration Pack

• Data Protection
• Oracle Advanced Security
• Oracle Secure Backup
• Oracle Total Recall

13
(No Transcript)
14
Oracle Database Vault Compliance and Insider
Threats

• Controls on privileged users
• Restrict DBA access to application data
• Provide Separation of Duty
• Security for database and information
  consolidation
• Enforce data access security policies
• Control who, when, where and how is data accessed
• Make decision based on IP address, time, auth
• Back Ported to Oracle9i R2
• Validated with PeopleSoft
• E-Biz other Apps validation underway, including
  3rd party

Realms
Reports
Multi-Factor Authorization
Command Rules
Separation of Duty
15
Oracle Label SecurityManageability

• Policy based model
• Multiple policies supported
• ACME, HR, Legal
• Policies are umbrellas applying to one or more
  tables, schemas, users
• Web based management
• Integrated with Oracle Identity Management

16
Oracle Database Security Products

• Access Control
• Oracle Database Vault
• Oracle Label Security

• User Management
• Oracle Identity Management
• Enterprise User Security

Core Platform Security

• Monitoring
• Oracle Audit Vault
• EM Configuration Pack

• Data Protection
• Oracle Advanced Security
• Oracle Secure Backup
• Oracle Total Recall

17
Data loss may not be forgotten

• General Electric, Sep. 06 lost laptop
• Chase Card Systems, Sep. 06 tape thrown in
  trash
• Wells Fargo, Sep. 06 stolen laptop
• CA Dept. of Mental Health, Aug. 06 missing tape
• Sovereign Bank, Aug. 06 stolen laptop
• Chevron, Aug. 06 stolen laptop
• US Dept. of Transportation, Aug. 06 stolen
  laptop
• Cablevision, Jul. 06 lost tape
• US Dept. of Veterans Affairs, Jun. 06 lost
  computer
• Nelnet Inc./UPS, Jul. 06 lost tape

18
Oracle Advanced SecurityTransparent Encryption
and Strong Authentication Services
Strong Authentication
Transparent Network Encryption

Data Transparently Decrypted Through SQL Interface
Data Written To Disk Transparently Encrypted
Transparent Data Encryption
No changes to existing applications No triggers,
no views Minimal performance impact
Transparent Data Encryption with RMAN Can
Encrypt entire Backups Sent to Disk
Secure Backup protects tape media
TDE supported by Oracle E-Business Suite and SAP
19
Oracle Total Recalltotal recall Eidetic
memory, photographic memory

• Data retention and change control requirements
  are growing
• Regulatory oversight and Compliance (SOX, HIPAA,
  Basel-II, etc)
• Business needs
• temporal dimension, understand past behavior
  and patterns
• Failure to maintain appropriate history
  retention is expensive
• Legal risks, Loss of Reputation
• Current approaches often inefficient
• Needed easy, read-only access to hitorical data
• Oracle offering
• Flashback data archive, flashback technologies
• Recovery Manager
• DataRecovery Advisor

20
Oracle Database Security Products

• Access Control
• Oracle Database Vault
• Oracle Label Security

• User Management
• Oracle Identity Management
• Enterprise User Security

Core Platform Security

• Monitoring
• Oracle Audit Vault
• EM Configuration Pack

• Data Protection
• Oracle Advanced Security
• Oracle Secure Backup
• Oracle Total Recall

21
Oracle Audit Vault
Monitor
Policies
Security
Reports
(Future)Other Sources,Databases
Oracle 9iR2
10gR2
10gR1
22
EM Config. Mgmt Pack for DatabaseCompliance-drive
n Secure Configuration Policies

• Automate Database Security Assessment
• database parameters
• database profile
• database access
• database file permissions
• post-installation checks
• Track Configuration Drift across all monitored
  databases
• Supports 8i and higher database releases
• Maps to COBIT, CIS, and Oracles best practices

23
Data protection hollistic approach

• The crown jewel of the offering

24
Grid Computing whassup?
Definition computing model that treats all
resources as a collection of manageable entities
with common interfaces to such functionality as
lifetime management, discoverable properties and
accessibility via open protocols. Resource
allocation in a grid is increasingly done in
accordance with SLAs (Wikipedia)

• Pool of shared resources
• resources virtualisation
• Load balancing
• Dynamic provisioning
• Unified management monitoring

25
Oracle Grid Technologies

• Mass storage
• Automatic data placement / rebalancing
• Automatic Storage Management
• Database servers, app servers
• Automatic load balancing
• Dynamic resource allocation
• Real Application Cluster
• Application Server 10g
• Management
• Hollistic approach
• Enterprise Grid Manager
• Management packs

26
Grid load management
Traditional architekture processing islands
27
... Because pure technology is not everything

• Maximum Availability Architecture is
• Recommended way of creating secure available
  systems
• ... Broad Oracle product usage
• Use-cases, examples
• Living knowledge regularly modified
  enhanced
• New experiences
• New products
• Focus on supporting continuous data processing,
  regardless of reason
• Unplanned failure
• Planned maintenance
• Partnered with vendors
• HP, Sun, Dell, more...

http//www.oracle.com/technology/deploy/availabili
ty/htdocs/maa.htm
28
Summary
29
Oracle data processing securityoffering
Unplanned downtime
Oracle MAA Best Practices
Planned downtime
30
(No Transcript)