Use Oracle Data Safe with Autonomous Database
Provides information on using Oracle Data Safe on Autonomous Database.
- About Oracle Data Safe with Autonomous Database
Oracle Data Safe, which is included with Autonomous Database, provides a unified control center that helps you manage the day-to-day security and compliance requirements of Oracle Databases. - Register Autonomous Database with Oracle Data Safe
To use Oracle Data Safe you first need to register your database with Oracle Data Safe. - Use Oracle Data Safe Features
After you register Autonomous Database with Oracle Data Safe you can use the Data Safe features.
Parent topic: Security
About Oracle Data Safe with Autonomous Database
Oracle Data Safe, which is included with Autonomous Database, provides a unified control center that helps you manage the day-to-day security and compliance requirements of Oracle Databases.
Data Safe helps you to evaluate security controls, assess user security, monitor user activity, mitigate risk from compromised accounts, and address data security compliance requirements for your database. Data Safe accomplishes this by evaluating the sensitivity of your data and assisting you when you need to mask sensitive data for non-production databases.
Oracle Data Safe provides features to assist you when:
-
Your organization's policies require that you monitor your databases and retain audit records.
-
You need to protect against common database attacks coming from risks such as compromised accounts.
-
Your developers need to use copies of production data for work on a new application and you're wondering what kinds of sensitive information the production data contains.
-
You need to make sure that staff changes haven't left dormant user accounts on your databases.
Oracle Data Safe provides the following:
-
Security Assessment: Configuration errors and configuration drift are significant contributors to data breaches. Use security assessment to evaluate your database's configuration and compare it to Oracle and industry best practices. Security assessment provides reports on areas of risk and notifies you when configurations change.
-
User Assessment: Many breaches start with a compromised user account. User Assessment helps you spot the riskiest database accounts, those accounts which if compromised could cause the most damage. User Assessment helps you take proactive steps to secure these accounts. User Assessment Baselines make it easy to know when new accounts are added, or when an account's privileges are modified. You can use Oracle Cloud Infrastructure Events to receive proactive notifications when a database deviates from its baseline.
-
Data Discovery: Provides support to locate and to manage sensitive data in your applications. Data discovery scans your database for over 150 different types of sensitive data and helps you to understand what types and how much sensitive data you are storing. Use the data discovery reports to formulate audit policies, develop data masking templates, and create effective access control policies.
-
Data Masking Minimize the amount of sensitive data your organization maintains to help you meet compliance requirements and satisfy data privacy regulations. Data masking helps you remove risk from your non-production databases by replacing sensitive information with masked data. With reusable masking templates, over 50 included masking formats, and the ability to easily create custom formats for your organization's unique requirements, data masking can streamline your application development and testing operations.
-
Activity Auditing Activity auditing collects audit records from databases and helps you manage audit policies. Understanding and reporting on user activity, data access, and changes to database structures supports regulatory compliance requirements and can aid in post-incident investigations. Audit insights make it easy to identify inefficient audit policies, while alerts based on audit data proactively notify you of risky activity.
Note
One (1) million audit records per database per month are included for your Autonomous Database if using the audit collection for Activity Auditing in Oracle Data Safe. -
SQL Firewall Management Protect against risks such as SQL injection attacks or compromised accounts. Oracle SQL FirewallFoot 1 is a security capability available with Oracle Database 23ai that offers best-in-class protection against these risks. The SQL Firewall feature in Oracle Data Safe lets you centrally manage and monitor the SQL Firewall policies for your target databases. Data Safe lets you collect authorized SQL activities of a database user, generate and enable the policy with allowlists of approved SQL statements and database connection paths and provides a comprehensive view of any SQL Firewall violations across the fleet of your target databases.
See Oracle Data Safe Overview for more information.
Parent topic: Use Oracle Data Safe with Autonomous Database
Register Autonomous Database with Oracle Data Safe
To use Oracle Data Safe you first need to register your database with Oracle Data Safe.
To get started, register your database:
Parent topic: Use Oracle Data Safe with Autonomous Database
Use Oracle Data Safe Features
After you register Autonomous Database with Oracle Data Safe you can use the Data Safe features.
Data Safe Feature | More Information |
---|---|
Security Assessment |
Security Assessments are automatically scheduled once a week. Start by reviewing the security assessment report for your database: View the latest assessment for a target database. See Security Assessment Overview for more information. |
User Assessment |
User Assessments are automatically scheduled once a week. Start by reviewing the user assessment report for your database: View the latest user assessment for a target database See User Assessment Overview for more information. |
Data Discovery |
Start by discovering sensitive data in your database: Create Sensitive Data Models See Data Discovery Overview for more information. |
Data Masking |
To determine where sensitive data is stored in your database, run Data Discovery. After you know where sensitive data is stored in your database, you can create a masking policy: Create Masking Policies For example, after you create a masking policy you can make a copy of a production database and apply the masking policy to the non-production database: Mask Sensitive Data on a Target Database See Data Masking Overview for more information. |
Activity Auditing |
To use activity auditing, start the audit trail for your target database in Data Safe: Start an Audit Trail After the audit trail is started you can monitor and analyze your audit data with pre-defined audit reports: View a Predefined or Custom Audit Report See Activity Auditing Overview for more information. |
SQL Firewall |
SQL FirewallFoot 1 in Oracle Data Safe lets you centrally manage the SQL Firewalls and provides a comprehensive view of SQL Firewall violations across the fleet of your target databases. Data Safe lets you collect authorized SQL activities of a database user you wish to protect, monitor the progress of the collection, generate and enable the policy with allowlists of approved SQL statements and database connection paths. Start by enabling the SQL Firewall in your 23ai target database: Enable SQL Firewall On Your Target Database Next, you need to generate and enable a SQL Firewall policy with allowlists for the database user you wish to protect: Generate and Enforce SQL Firewall Policies. After you start enforcing the SQL Firewall policy, you can monitor and analyze the violations in the predefined violation reports: View and Manage Violations Reports. You can find more details on SQL Firewall at SQL Firewall Overview. |
Parent topic: Use Oracle Data Safe with Autonomous Database
Footnote Legend
Footnote 1: SQL Firewall is only available with Oracle Database 23ai.