Oracle considers cloud security its highest priority, and the security responsibilities are shared between Oracle and you.
Oracle and Your Responsibilities
Oracle regularly evaluates critical patch updates and security alert fixes as well as relevant third-party fixes as they become available and applies the relevant patches in accordance with the applicable change management processes. Security vulnerabilities are patched on a regular cadence.
You are required to do the following:
- Track vulnerabilities and regularly perform security scans and security assessments on the MySQL HeatWave DB systems.
- Read and assess information related to critical patch updates and security alerts and bulletins. See Security Alerts.
- Apply critical software upgrades and corrective measures.
- In case you require additional information that is not addressed, submit a service request within your designated support system. See Creating a Support Request.
Oracle provides you various features such as in-transit encryption, data masking, and deletion plan to keep your data safe and secure.
Table 3-1 Security Features
|Database access control and account management||Use MySQL security features to control access and manage your account. See Access Control and Account Management.|
|OCI Audit Service||Use the OCI Audit Service to automatically record calls to all supported public application programming interface (API) endpoints throughout your tenancy as log events. The log events contains details such as the source, target, or time the API activity occurred. See Viewing Audit Service Logs, and Overview of Audit.|
|MySQL Enterprise Audit plugin||Use the MySQL Enterprise Audit plugin to produce a log file containing an audit record of server activity. The log contents include when clients connect and disconnect, and what actions they perform while connected, such as which databases and tables they access. You can add statistics for the time and size of each query to detect outliers. By default, audit plugin logs are disabled, and you have to define filters to enable logging all auditable events for all users. See Default MySQL Privileges, and MySQL Enterprise Audit Plugin.|
||By default, MySQL HeatWave Service supports
|In-transit encryption||Your data is always encrypted at rest. You can use in-transit encryption for a given user to secure your data. See Data Security.|
|Data masking||Use data masking to protect your sensitive data. See Data Masking.|
|Deletion plan||Use deletion plan to protect the DB system against delete operations. See Advanced Option: Deletion Plan.|
|Identity and Access Management||As a security administrator, assign minimum privileges to users. Use IAM policies to control access and use of MySQL resources. See IAM Policies.|
||MySQL HeatWave Service
enforces strong passwords with the
|Virtual cloud network (VCN)||