Securing your Oracle database means getting up close and personal with the data. The data is the information that runs or is the foundation of the enterprise–whether financial, personally identifiable, trade secrets or simply proprietary. There are also compliance requirements that definitely do not come with a free get-out-of-jail card in case of a data breach.
The protection must focus on both internal detection of misuse, as well as from attack from a variety of outside threats. Oracle comes with a comprehensive array of security solutions and internal controls, but data managers need to be proactive and aware of the “triple-A” gatekeeping safeguards–authentication, access controls, and auditing:
Preventing authentication atrophy
Database managers need to recognize that default user accounts, passwords, and profiles can lead to complacency and pathways to data breaches. Do the following to keep database authentication measures strong:
Authentication measures also need to include a secure password policy for all users–application or non-application. The best resource for implementing a hardened password management policy is through a Virtual Private Database. Also, see this publication by the Center for Internet Security for best practices in creating strong passwords.
Controlling access based on job roles
It is easier to grant carte blanche access to every user than it is to assign and manage permissions based on job roles. However, nothing worth doing was ever easy. On the other hand, taking the trouble to grant only the access employees need to fulfill their job tasks actually simplifies security administration.
Consider the following steps for better access controls:
Establishing an ongoing auditing policy
Oracle database auditing is the equivalent of consistent security patrols in a warehouse of valuable material. The audits serve as early warnings to identify potential attacks, and they need to produce reports tailored to the organization’s specific needs. Oracle has built-in levels of auditing that monitor levels of access and activity, and they can protect especially sensitive personal and financial information.
Other proactive security assessments include:
Securing database information in the face of constant and, unfortunately, sometimes successful attacks against electronic information is a problem faced by organizations everywhere. Oracle database products provide the first line of defense with features that, when used appropriately, can keep your data safe.
However, a proprietary database can be a garden that must be constantly weeded to remove obsolete authentication levels and passwords. At the working level access authorization must match at least the level of job roles, but go no higher or wider. Finally, the old military saying that “the troops perform best what you personally monitor” applies to why a database needs constant auditing.
Read more about securing our Oracle database in this online Oracle Technical Primer.
A word from our Sponsor
Sysoft is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks, and news. Contact us at (416) 410-7268 or send us an email at firstname.lastname@example.org for more information.