“Oracle Database Vault has
helped us limit access to our
clients’ sensitive financial data
and achieve the separation of
—Helen Sun, Manager of Decision Support
Services, Harbor Capital Advisors
“The Oracle Virtual Private Database feature allows us to control access to specific rows in a table,”
says Arup Nanda, senior director of database engineering for Starwood Hotels & Resorts.
Database security is not only a reliable way to protect information but also what auditors look for when assessing regulatory compliance.
“Companies are strengthening internal protections for
database security in response to regulatory drivers, as well as
systematic, comprehensive assessments of security in their
IT architecture,” says Trent Henry, research director for security and risk management practices for Burton Group, an IT
research and advisory firm.
“All database administrators know they are responsible for
protecting their databases from attack and unauthorized
access,” says Arup Nanda, senior director of database engi-
ORACLE DATABASE SECURITY
Oracle Database 11g addresses data security challenges from data
encryption, access control, and data classification to audit and
compliance reporting, secure deployments, and data masking.
The comprehensive portfolio of security options for Oracle Database 11g,
including Oracle Advanced Security, Oracle Database Vault, Oracle Label
Security, Oracle Data Masking, as well as Oracle Audit Vault, Oracle Total
Recall, and Oracle Configuration Management, helps organizations transparently safeguard against data breaches and ensure regulatory compliance without requiring changes to existing applications.
“Oracle has always stepped up to be among the leaders in adding protective capabilities,” Burton Group’s Trent Henry says. “The company also
works hard to introduce effective security properties in the platform.”
neering for Starwood Hotels & Resorts
Worldwide. Responsible for the company’s
corporate database strategy, Nanda oversees
more than 350 Oracle production databases.
Nanda must also ensure that the database infrastructure complies with numerous
regulations and that sensitive information
such as credit card and passport numbers are
protected. To do this, Nanda relies on Oracle
encryption technologies. Data is encrypted in
transit over the network to and from the applications, in the database, and on backup tapes.
Additionally, access to customer data at
Starwood is restricted on a need-to-know
basis. “The Oracle Virtual Private Database
feature allows us to control access to specific rows in a table,” he
explains. “If, say, John Smith manages an account, then he can
only see that account’s related records and nothing else.”
“Organizations shouldn’t inherently distrust DBAs or other
privileged users,” says Vipin Samar, Oracle’s vice president of
database security. “But in today’s highly regulated world, companies need to demonstrate that internal controls are in place
to keep data from being stolen or accidentally altered.”
Helen Sun, manager of decision support services at investment management firm Harbor Capital Advisors, agrees.
“Oracle Database Vault has helped us limit access to our clients’
sensitive financial data and achieve the separation of duties
necessary within our relatively small organization,” says Sun.
With Oracle Database Vault, organizations can implement
separation of duties, preventing even privileged database users
from accessing sensitive application information. Application
data is further protected using Oracle Database Vault’s multi-factor policies that control access based on built-in factors
such as time of day, IP address, application name, and authentication method, preventing unauthorized ad hoc access and
MEETING AND EXCEEDING REGULATIONS
There are different ways to approach compliance with the PCI
security standard. Women’s clothing retailer Dress Barn chose
a route that brought the required compliance and more.
“The approach we took was to analyze all the credit card
touchpoints in the corporation,” says Sam Lebron, Dress
Barn’s senior manager of enterprise Web architecture and