Oracle Cloud Infrastructure Documentation

Use Oracle Data Safe with Autonomous Database

Provides information on using Oracle Data Safe on Autonomous Database.

Parent topic: Security

About Oracle Data Safe with Autonomous Database

Oracle Data Safe, which is included with Autonomous Database, provides a unified control center that helps you manage the day-to-day security and compliance requirements of Oracle Databases.

Data Safe helps you to evaluate security controls, assess user security, monitor user activity, mitigate risk from compromised accounts, and address data security compliance requirements for your database. Data Safe accomplishes this by evaluating the sensitivity of your data and assisting you when you need to mask sensitive data for non-production databases.

Oracle Data Safe provides features to assist you when:

  • Your organization's policies require that you monitor your databases and retain audit records.

  • You need to protect against common database attacks coming from risks such as compromised accounts.

  • Your developers need to use copies of production data for work on a new application and you're wondering what kinds of sensitive information the production data contains.

  • You need to make sure that staff changes haven't left dormant user accounts on your databases.

Oracle Data Safe provides the following:

  • Security Assessment: Configuration errors and configuration drift are significant contributors to data breaches. Use security assessment to evaluate your database's configuration and compare it to Oracle and industry best practices. Security assessment provides reports on areas of risk and notifies you when configurations change.

  • User Assessment: Many breaches start with a compromised user account. User Assessment helps you spot the riskiest database accounts, those accounts which if compromised could cause the most damage. User Assessment helps you take proactive steps to secure these accounts. User Assessment Baselines make it easy to know when new accounts are added, or when an account's privileges are modified. You can use Oracle Cloud Infrastructure Events to receive proactive notifications when a database deviates from its baseline.

  • Data Discovery: Provides support to locate and to manage sensitive data in your applications. Data discovery scans your database for over 150 different types of sensitive data and helps you to understand what types and how much sensitive data you are storing. Use the data discovery reports to formulate audit policies, develop data masking templates, and create effective access control policies.

  • Data Masking Minimize the amount of sensitive data your organization maintains to help you meet compliance requirements and satisfy data privacy regulations. Data masking helps you remove risk from your non-production databases by replacing sensitive information with masked data. With reusable masking templates, over 50 included masking formats, and the ability to easily create custom formats for your organization's unique requirements, data masking can streamline your application development and testing operations.

  • Activity Auditing Activity auditing collects audit records from databases and helps you manage audit policies. Understanding and reporting on user activity, data access, and changes to database structures supports regulatory compliance requirements and can aid in post-incident investigations. Audit insights make it easy to identify inefficient audit policies, while alerts based on audit data proactively notify you of risky activity.

    Note

    One (1) million audit records per database per month are included for your Autonomous Database if using the audit collection for Activity Auditing in Oracle Data Safe.

See Oracle Data Safe Overview for more information.

Register Autonomous Database with Oracle Data Safe

To use Oracle Data Safe you first need to register your database with Oracle Data Safe.

To get started, register your database:

  1. Apply the necessary Identity and Access Management (IAM) permissions to register your target database.
  2. If you are registering an Autonomous Database that is configured to use a private IP address, then you need to create an Oracle Data Safe private endpoint either before or during registration.
  3. Use the Oracle Data Safe Wizard to register your Autonomous Database instance.

    See Register an Autonomous Database for details on the registration steps.

Use Oracle Data Safe Features

After you register Autonomous Database with Oracle Data Safe you can use the Data Safe features.

Data Safe Feature More Information

Security Assessment

Security Assessments are automatically scheduled once a week. Start by reviewing the security assessment report for your database: View the latest assessment for a target database.

See Security Assessment Overview for more information.

User Assessment

User Assessments are automatically scheduled once a week. Start by reviewing the user assessment report for your database: View the latest user assessment for a target database

See User Assessment Overview for more information.

Data Discovery

Start by discovering sensitive data in your database: Create Sensitive Data Models

See Data Discovery Overview for more information.

Data Masking

To determine where sensitive data is stored in your database, run Data Discovery. After you know where sensitive data is stored in your database, you can create a masking policy: Create Masking Policies

For example, after you create a masking policy you can make a copy of a production database and apply the masking policy to the non-production database: Mask Sensitive Data on a Target Database

See Data Masking Overview for more information.

Activity Auditing

To use activity auditing, start the audit trail for your target database in Data Safe: Start an Audit Trail

After the audit trail is started you can monitor and analyze your audit data with pre-defined audit reports: View a Predefined or Custom Audit Report

See Activity Auditing Overview for more information.