Private Clouds: Opportunity to Improve Data Security and Lower Costs
InfoTRAMS „Fusion Tematyczny, Bazy Danych, Kariera I Prywatny Sprzęt W Pracy”
Michał Jerzy Kostrzewa ([email protected])
ECE Business Development Manager

Agenda
• Challenges of Securing Data Today
• Data Security in Cloud Environments
• Private v. Public Clouds
• Securing Database Clouds
• Q&A

Easy to Lose Track of Sensitive Data In Traditional Computing Environments
• Silos of dedicated hardware and software for each application
• Organizations typically unsure which silos contain sensitive data
• Securing every silo is too costly and complex
• Organizations typically protect the only shared resource - the network
• Data and database infrastructure vulnerable to attack from within the network perimeter

Data and Databases Vulnerable
The 2010 IOUG Data Security Report
• 28% uniformly encrypt sensitive data in all databases
  Data can be read/tampered with by any system user or admin with access to database files or storage
• 24% can prevent privileged database users from reading/modifying data
  Data can be accessed by DBAs or anyone with privileged database user credentials
• 44% allow database users to access data directly
  Users can by-pass application security policies to read or modify data directly within database
• 68% can not detect if database users are abusing privileges
  Database users can perform unauthorized activities undetected
• 66% not sure if applications subject to SQL injection
  Data can be manipulated by hackers who compromise applications
• 48% copy sensitive production data to non-production environments
  Data can be accessed by developers, testers, etc.

Over 900M (92%) Breached Records from Compromised Database Servers
2010 Data Breach Investigations Report
• 48% involved privilege misuse
• 40% resulted from hacking
• 38% utilized malware
• 28% employed social tactics
• 15% comprised physical attacks

Cloud Computing Environments Allow Securing Sensitive Data Efficiently
• Clouds are shared pools of standardized computing resources
• Oracle Exadata is a pre-integrated, highly optimized Database Cloud platform that maximizes ROI
• All data now managed in the Database Cloud - securing Database Clouds is not optional!
• Securing Database Clouds results in efficient and consistent protection for all data
• Database Clouds enable better security at lower cost and complexity

Exadata and Exalogic: Extreme Performance, Engineered Systems
• Database and middle tier machines
• Unmatched performance, simplified deployment, lower total cost
• Building blocks for private and public PaaS

Oracle Exadata: Extreme Performance
• Faster Than DW Appliances
  • Faster query throughput
  • Fastest disk throughput
  • Much faster with Flash
  [Chart: Query Throughput, GB/sec, Uncompressed Data, Single Rack (Disk and Flash); Exadata, Teradata 2650, Netezza TwinFin 12]
• More Bandwidth than High-End Arrays
  • Storage Arrays can’t deliver disk bandwidth
  • No extra bandwidth from Flash
  • No CPU offload
  • No Columnar Compression
  • No InfiniBand
  [Chart: Storage Data Bandwidth (Uncompressed GB/sec), Disk and Flash; Exadata, IBM XIV, NetApp 6080, IBM DS8700, Hitachi USP V, EMC VMAX]
• More Data Capacity
  • More disk drives/rack
  • Larger disk drives
  • Much better compression
  [Chart: Systems with Equal User Data, All with Largest Disks, Best Compression; Exadata, Teradata 2650, EMC VMAX, Netezza TwinFin 12]

Oracle Exalogic: Extreme Performance
• Internet Applications
  • 12X improvement
  • Over 1 Million HTTP Requests/Sec.
  • FaceBook’s Web Traffic on 2 Full Racks
• Messaging Applications
  • 4.5X improvement
  • Over 1.8 Million Messages/Sec.
  • All Chinese Rail Ticketing on 1 Rack
• Database Applications
  • 1.4X improvement
  • Almost 2 million JPA Operations/Sec.
  • All E-Bay Product Searches on 1/2 Rack

Biggest Barrier to Cloud Computing Adoption? Security!
• 74% rate cloud security issues as “very significant”
Source: IDC

The Reality of Cloud Computing
Cloud Computing Often Confused with Outsourcing…
Public Clouds
• Cloud operated by a vendor
• Security (and compliance??) becomes outsourced
• Not an option for certain organizations, industries
Private Clouds
• Evolution of IT Services
• Still responsible for ensuring security and compliance
• Cost-effective option to protect data for all organizations!

Securing Database Clouds: Defense In Depth
• Prevent access by non-database users
• Increase database user identity assurance
• Control access to data within database
• Audit database activity
• Monitor database traffic and prevent threats from reaching the database
• Ensure database production environment is secure and prevent drift
• Remove sensitive data from non-production environments

Copyright © 2010, Oracle. All rights reserved

Oracle Advanced Security: Protect Data from Unauthorized Users
[Diagram labels: Disk Backups Application Exports Off-Site Facilities]
• Complete encryption for application data at rest to prevent direct access to data stored in database files, on tape, exports, etc. by IT Staff/OS users
• Efficient application data encryption without application changes
• Built-in two-tier key management for SoD with support for centralized key management using HSM/KMS
• Strong authentication of database users for greater identity assurance

Oracle Database Vault: Enforce Security Policies Inside the Database
[Diagram labels: Security DBA Procurement Application Application DBA HR Finance DBA; statement shown: select * from finance.customers]
• Automatic and customizable DBA separation of duties and protective realms
• Enforce who, where, when, and how using rules and factors
• Enforce least privilege for privileged database users
• Prevent application by-pass and enforce enterprise data governance
• Securely consolidate application data or enable multi-tenant data management

Oracle Audit Vault: Audit Database Activity in Real-Time
[Diagram labels: HR Data, CRM Data, ERP Data, Databases, Audit Data, Alerts, Built-in Reports, Custom Reports, Policies, Auditor]
• Consolidate database audit trail into secure centralized repository
• Detect and alert on suspicious activities, including privileged users
• Out-of-the box compliance reports for SOX, PCI, and other regulations
  • E.g., privileged user audit, entitlements, failed logins, regulated data changes
• Streamline audits with report generation, notification, attestation, archiving, etc.

Oracle Total Recall: Track Changes to Sensitive Data
    select salary from emp AS OF TIMESTAMP '02-MAY-09 12.00 AM' where emp.title = 'admin'
• Transparently track application data changes over time
• Efficient, tamper-resistant storage of archives in the database
• Real-time access to historical application data using SQL
• Simplified incident forensics and recovery

Oracle Database Firewall: First Line of Defense
[Diagram labels: Allow, Log, Alert, Substitute, Block, Applications, Alerts, Built-in Reports, Custom Reports, Policies]
• Monitor database activity to prevent unauthorized database access, SQL injections, privilege or role escalation, illegal access to sensitive data, etc.
• Highly accurate SQL grammar based analysis without costly false positives
• Flexible SQL level enforcement options based on white lists and black lists
• Scalable architecture provides enterprise performance in all deployment modes
• Built-in and custom compliance reports for SOX, PCI, and other regulations

Oracle Configuration Management: Secure Your Database Environment
[Diagram labels: Monitor Discover Asset Management Classify Policy Management Assess Prioritize Vulnerability Management Fix Configuration Management & Audit Monitor Analysis & Analytics]
• Discover and classify databases into policy groups
• Scan databases against 400+ best practices and industry standards, custom enterprise-specific configuration policies
• Detect and even prevent unauthorized database configuration changes
• Change management dashboards and compliance reports

Oracle Data Masking: Irreversibly De-Identify Data for Non-Production Use

Production
LAST_NAME    SSN           SALARY
AGUILAR      203-33-3234   40,000
BENSON       323-22-2943   60,000

Non-Production
LAST_NAME    SSN           SALARY
ANSKEKSL     111-23-1111   60,000
BKJHHEIEDK   222-34-1345   40,000

Data never leaves Database
• Make application data securely available in non-production environments
• Prevent application developers and testers from seeing production data
• Extensible template library and policies for data masking automation
• Referential integrity automatically preserved so applications continue to work

Oracle Database Defense In Depth: Solution Summary
• Oracle Advanced Security
• Oracle Identity Management
• Oracle Database Vault
• Oracle Label Security
• Oracle Audit Vault
• Oracle Total Recall
• Oracle Database Firewall
• Oracle Configuration Management
• Oracle Data Masking
Comprehensive – Transparent – Easy to Deploy – Proven!

Next Steps….
• Protect sensitive data and database infrastructure ASAP!
• Database Clouds enable better security at lower cost and complexity
• Start evolving your existing IT infrastructure into a Private Cloud
• Secured Oracle Exadata servers provide the secure database cloud building block you need
• Securing your databases will allow you to outsource/take advantage of Public Clouds with less risk

For More Information
oracle.com/database/security
search.oracle.com: database security