Provides information on using Oracle Data Safe on Autonomous Database.
About Oracle Data Safe with Autonomous Database Oracle Data Safe, which is included with Autonomous Database, provides a unified control center that helps you manage the day-to-day security and compliance requirements of Oracle Databases.
Oracle Data Safe, which is included with Autonomous Database,
provides a unified control center that helps you manage the day-to-day security and
compliance requirements of Oracle Databases.
Data Safe helps you to evaluate security controls, assess user security, monitor user
activity, mitigate risk from compromised accounts, and address data security compliance
requirements for your database. Data Safe accomplishes this by evaluating the
sensitivity of your data and assisting you when you need to mask sensitive data for
non-production databases.
Oracle Data Safe provides features to assist you when:
Your organization's policies require that you monitor your databases and retain
audit records.
You need to protect against common database attacks coming from risks
such as compromised accounts.
Your developers need to use copies of production data for work on a
new application and you're wondering what kinds of sensitive information the
production data contains.
You need to make sure that staff changes haven't left dormant user
accounts on your databases.
Oracle Data Safe provides the following:
Security Assessment: Configuration errors and configuration drift are
significant contributors to data breaches. Use security assessment to evaluate
your database's configuration and compare it to Oracle and industry best
practices. Security assessment provides reports on areas of risk and notifies
you when configurations change.
User Assessment: Many breaches start with a compromised user account. User
Assessment helps you spot the riskiest database accounts, those accounts which
if compromised could cause the most damage. User Assessment helps you take
proactive steps to secure these accounts. User Assessment Baselines make it easy
to know when new accounts are added, or when an account's privileges are
modified. You can use Oracle Cloud Infrastructure Events to receive proactive notifications when a database deviates from its
baseline.
Data Discovery: Provides support to locate and to manage sensitive data in
your applications. Data discovery scans your database for over 150 different
types of sensitive data and helps you to understand what types and how much
sensitive data you are storing. Use the data discovery reports to formulate
audit policies, develop data masking templates, and create effective access
control policies.
Data Masking Minimize the amount of sensitive data your organization
maintains to help you meet compliance requirements and satisfy data privacy
regulations. Data masking helps you remove risk from your non-production
databases by replacing sensitive information with masked data. With reusable
masking templates, over 50 included masking formats, and the ability to easily
create custom formats for your organization's unique requirements, data masking
can streamline your application development and testing operations.
Activity Auditing Activity auditing collects audit records from databases and
helps you manage audit policies. Understanding and reporting on user activity,
data access, and changes to database structures supports regulatory compliance
requirements and can aid in post-incident investigations. Audit insights make it
easy to identify inefficient audit policies, while alerts based on audit data
proactively notify you of risky activity.
Note
One (1) million audit records
per database per month are included for your Autonomous Database if using the audit
collection for Activity Auditing in Oracle Data Safe.
SQL Firewall Management Protect against risks such as SQL
injection attacks or compromised accounts. Oracle SQL FirewallFoot 1 is a security capability available with Oracle Database 23ai that
offers best-in-class protection against these risks. The SQL Firewall feature in
Oracle Data Safe lets you centrally manage and monitor the SQL Firewall policies
for your target databases. Data Safe lets you collect authorized SQL activities
of a database user, generate and enable the policy with allowlists of approved
SQL statements and database connection paths and provides a comprehensive view
of any SQL Firewall violations across the fleet of your target databases.
If you are registering an Autonomous Database that is configured to use a private IP address, then you need
to create an Oracle Data Safe private endpoint either before or during registration.
To determine where sensitive data is stored in your
database, run Data Discovery. After you know where sensitive data is
stored in your database, you can create a masking policy: Create Masking
Policies
For example, after you create a masking policy you can
make a copy of a production database and apply the masking policy to
the non-production database: Mask Sensitive Data
on a Target Database
SQL FirewallFoot 1 in Oracle Data Safe lets you centrally manage the SQL Firewalls and provides a
comprehensive view of SQL Firewall violations across the fleet of
your target databases. Data Safe lets you collect authorized SQL
activities of a database user you wish to protect, monitor the
progress of the collection, generate and enable the policy with
allowlists of approved SQL statements and database connection
paths.