Praveen Thakur, VP Technology ASEAN, Oracle Corporation
Data security is today a more complex challenge than ever. From bringing your own devices to work to customized apps and more, every new innovation has in itself created new loopholes for exploitation. Throw in a more connected society than before with both consumers and businesses accessing all sorts of information on-the-go and you get the perfect set-up for hackers and data criminals to thrive in.
Indeed, we are living in an increasingly dangerous world of hackers, insider threats, organized crime, and other groups intent on stealing valuable data. Information targeted for attack has included citizen data, intellectual property, financial information, government data, competitive bids, online transaction and credit card frauds. Attack methodologies include hacking of privileged user accounts, exploitation of application vulnerabilities, media theft, and other sophisticated attacks collectively known as Advanced Persistent Threats (APTs).
The number and type of threats are ever increasing, and CIOs still need a way to ensure that they can comprehensively detect all threats and/or prevent them. Many data breach investigation reports suggest that the majority of breached records came from compromised database servers. This is where database security is especially important. Security and compliance require a defense-in-depth, multi-layered security model that includes preventive, detective, and administrative controls.
Oracle’s experience in database security has helped identify several key areas where organizations should take added steps to ensure their database is secure. These areas and the proposed solutions are outlined as follows:
Preventing Database Bypass
Database bypass threats target operating system files and backup media. Targeting these locations simplifies the job of the attacker: no database access is required, fewer audit records (if any) are generated, and any associated database and application access controls are completely bypassed. One of the most widely used technologies to protect against database bypass threats is encryption.
There are two layers to this solution. The first is to implement Transparent Data Encryption (TDE) and data redaction capabilities, vital to protecting sensitive application data. TDE is easy to deploy and helps prevent unauthorized access to sensitive information via direct access to the operating system, backup media or database exports. Sensitive data such as credit card information or ID numbers can be automatically encrypted in storage.
The second layer is to deploy encryption and other security solutions centrally. Having a browser-based management console makes it easier to administer encryption keys, provision server endpoints, securely manage key groups and report on access to keys. Administrator roles can also be divided into key, system, and audit management functions, which provides separation of duties and eases management.
Reducing Sensitive Data Exposure
Limiting the distribution of and access to sensitive data is a well understood security principle. What has changed, however, is the realization that much tighter controls on access to sensitive data can be put in place without adversely impacting business operations. The goal is to reduce the attack surface by stopping the unnecessary proliferation of sensitive data beyond the boundaries of the consolidated database. The proliferation could be in the form of poorly designed applications that display sensitive data, copies of production data transferred to test and development environments, or shared with business partners. Regardless of the proliferation path, overexposure of sensitive data makes it easier for data breaches and other access violations to take place and go undetected.
Redaction is the process of scrubbing out data. In applications, data redaction provides selective, on-the-fly redaction of sensitive data in query results prior to display by applications. Oracle Advanced Security data redaction works similarly but on application data stored in the database. Because it is enforced inside the database, it is possible to consistently redact database columns across different application modules accessing the same data. Data redaction minimizes changes to applications because it does not alter actual data in internal database buffers, caches, or storage and it preserves the original data type and formatting when transformed data is returned to the application. Additionally, data redaction has no impact on database operational activities such as backup and restore, upgrade and patch, and high availability clusters.
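A redaction policy of the kind described above, as an added example that is not part of the original article. It uses the DBMS_REDACT package; the schema APP, table CUSTOMERS, column CARD_NUMBER and account BILLING_APP are assumed names.

```sql
-- Added example; APP.CUSTOMERS, CARD_NUMBER and BILLING_APP are assumptions.
-- Every session except BILLING_APP sees ****-****-****-1234 style values.
-- Stored data, backups and the column's VARCHAR2 type are left unchanged.
BEGIN
  DBMS_REDACT.ADD_POLICY(
    object_schema       => 'APP',
    object_name         => 'CUSTOMERS',
    policy_name         => 'redact_card_number',
    column_name         => 'CARD_NUMBER',
    function_type       => DBMS_REDACT.PARTIAL,
    -- Predefined format: mask the first 12 digits of a 16-digit number.
    function_parameters => DBMS_REDACT.REDACT_CCN16_F12,
    -- Redact whenever this expression evaluates to TRUE for the session.
    expression          =>
      'SYS_CONTEXT(''USERENV'', ''SESSION_USER'') != ''BILLING_APP''');
END;
/

-- Check 1: confirm the policy is enabled and which columns it covers.
SELECT p.object_owner, p.object_name, p.policy_name, p.enable,
       c.column_name, c.function_type
FROM   redaction_policies p
JOIN   redaction_columns  c
  ON   c.object_owner = p.object_owner
 AND   c.object_name  = p.object_name
WHERE  p.object_owner = 'APP';

-- Check 2: list accounts and roles that bypass every redaction policy.
-- Each grantee here still sees clear-text values and should be reviewed.
SELECT grantee
FROM   dba_sys_privs
WHERE  privilege = 'EXEMPT REDACTION POLICY'
ORDER  BY grantee;
```

SYS is always exempt from redaction policies, so redaction complements privileged user controls rather than replacing them.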
When sharing sensitive data, it is important to mask data before it is moved. In development and test environments, data is moved from production to non-production environments, where it is at risk. Masking irreversibly replaces the original sensitive data with fictitious data so that data can be safely shared with IT developers or business partners. Here, application integrity should be preserved by maintaining data relationships across application tables. Having an end-to-end, automated, centralized library with out-of-the-box mask formats will help CIOs to more effectively conceal different types of sensitive data.
Locating and cataloging sensitive data is also important. In fact, knowing where your sensitive data resides is an important first step in deploying a defense-in-depth security model. While this can be a complicated challenge, having a tool to facilitate the process of locating sensitive data within an application and applying security controls on that data can help provide detailed lists of sensitive data for each application. Businesses could also choose to deploy tools that monitor the configuration of sensitive databases, such as the Oracle Enterprise Manager Database Lifecycle Management Pack. Over 100 out-of-the-box policy checks can be easily run against existing databases, and custom configuration checks can be defined to supplement those provided by Oracle.
Preventing Application Bypass
While applications may be designed to provide strong controls through a comprehensive role-based access control model, these controls may not necessarily be available when the privileged user accesses the database directly. A common characteristic of many cyber-attacks and data breaches is the unauthorized use of privileged user credentials with their far-reaching access inside the database. Some of these data breaches were perpetrated by insiders, while others were executed by hackers. Privileged user accounts inside the database and their unimpeded 24/7 access to application data create prime targets for hackers and exploitation by insiders. Protecting against attacks requires a defense-in-depth approach. The depth of the security controls required will depend on the application and sensitivity of the data.
Using privileged user controls, configuration controls and separation of duty controls will help prevent such data breaches and increase the security of the database. Controls can be configured to create a highly secure database environment, helping defend against attacks from both inside and outside the organization, and prevent unauthorized changes that may lead to audit findings or open doors to hackers.
Another method is to implement control operations inside the database, preventing unauthorized changes to production environments that may impact both the security posture and compliance. Unauthorized changes can significantly weaken database security and result in breaches. Such controls will also allow potentially dangerous operations to be blocked altogether or for verification checks to be done prior to access. Whatever the access levels may be, it is important to analyze and identify privileges used at run-time. Privileges identified as unused can be evaluated for potential revocation, helping to reduce the attack surface.
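The run-time privilege analysis described above, as an added example that is not part of the original article. It uses the DBMS_PRIVILEGE_CAPTURE package in Oracle Database 12c and needs the CAPTURE_ADMIN role; the account APPSVC and the capture name are assumptions.

```sql
-- Added example; APPSVC and APPSVC_RUNTIME_PRIVS are assumed names.
-- Step 1: record which privileges APPSVC sessions actually exercise.
BEGIN
  DBMS_PRIVILEGE_CAPTURE.CREATE_CAPTURE(
    name        => 'APPSVC_RUNTIME_PRIVS',
    description => 'Privileges used by APPSVC during normal operation',
    type        => DBMS_PRIVILEGE_CAPTURE.G_CONTEXT,
    condition   =>
      'SYS_CONTEXT(''USERENV'', ''SESSION_USER'') = ''APPSVC''');
  DBMS_PRIVILEGE_CAPTURE.ENABLE_CAPTURE('APPSVC_RUNTIME_PRIVS');
END;
/

-- Step 2: leave the capture running across a representative period
-- (month-end jobs included), then stop it and build the report.
BEGIN
  DBMS_PRIVILEGE_CAPTURE.DISABLE_CAPTURE('APPSVC_RUNTIME_PRIVS');
  DBMS_PRIVILEGE_CAPTURE.GENERATE_RESULT('APPSVC_RUNTIME_PRIVS');
END;
/

-- Step 3: privileges granted but never used are revocation candidates.
-- ROLENAME shows when the privilege arrives through a role, in which
-- case the role grant is what needs review.
SELECT username, rolename, sys_priv, obj_priv,
       object_owner, object_name
FROM   dba_unused_privs
WHERE  capture = 'APPSVC_RUNTIME_PRIVS'
ORDER  BY username, sys_priv, object_owner, object_name;

-- Step 4: keep the used set as the baseline for future comparisons.
SELECT username, sys_priv, obj_priv, object_owner, object_name
FROM   dba_used_privs
WHERE  capture = 'APPSVC_RUNTIME_PRIVS'
ORDER  BY username, sys_priv, object_owner, object_name;
```

A privilege that went unused during the capture window may still be needed by an infrequent job, so the unused list is a starting point for review before anything is revoked.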
Detecting Threats from Inside and Outside
Satisfying compliance regulations and reducing the risk of security breaches are among the top security challenges businesses face today. Traditional perimeter firewalls play an important role in protecting data centers from unauthorized, external access, but attacks have grown increasingly sophisticated, bypassing perimeter security, taking advantage of trusted middle tiers, and even masquerading as privileged insiders.
Examination of numerous security incidents has shown that timely audits of data could have helped detect unauthorized activity early and reduced the resulting financial impact. Various studies and surveys have concluded that a sizeable percentage of data breaches have been perpetrated using insider credentials, typically ones with elevated access to systems and their data.
This is why policy-based conditional auditing for simplified configuration and management works best. Audit policies encapsulate audit settings, and audit conditions allow auditing to be accelerated based on conditions associated with the database session. For example, an audit policy can be defined to include audits on all actions outside a specific IP address and username. Out-of-policy connections can be fully audited while no audit data will be generated for others, enabling highly selective and effective auditing.
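The conditional audit policy from the example above, written in Oracle Database 12c unified auditing syntax as an added example that is not part of the original article. The policy name, the account APPSVC and the address 192.0.2.10 are assumptions.

```sql
-- Added example; APPSVC, 192.0.2.10 and the policy name are assumptions.
-- In-policy sessions (APPSVC connecting from its known address) produce
-- no audit records; every other session has all of its actions audited.
-- IP_ADDRESS is NULL for local connections, so the IS NULL branch keeps
-- an APPSVC login made directly on the database host inside the audit.
CREATE AUDIT POLICY out_of_policy_sessions
  ACTIONS ALL
  WHEN 'SYS_CONTEXT(''USERENV'', ''SESSION_USER'') != ''APPSVC''
        OR SYS_CONTEXT(''USERENV'', ''IP_ADDRESS'') IS NULL
        OR SYS_CONTEXT(''USERENV'', ''IP_ADDRESS'') != ''192.0.2.10'''
  EVALUATE PER SESSION;

-- A policy has no effect until it is enabled.
AUDIT POLICY out_of_policy_sessions;

-- Check 1: confirm the condition that was stored with the policy.
SELECT DISTINCT policy_name, audit_condition, condition_eval_opt
FROM   audit_unified_policies
WHERE  policy_name = 'OUT_OF_POLICY_SESSIONS';

-- Check 2: review what the policy has recorded, newest first.
SELECT event_timestamp, dbusername, userhost, os_username,
       action_name, object_schema, object_name
FROM   unified_audit_trail
WHERE  unified_audit_policies LIKE '%OUT_OF_POLICY_SESSIONS%'
ORDER  BY event_timestamp DESC;
```

Because the condition is evaluated once per session, the decision to audit is fixed at the first audited action and holds for the rest of that session.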
Developing Secure Applications
Most applications developed over the past 20 years use 3-tier architectures and connect as one big application user to the database. This shift in security models was driven by the Internet, the resulting ability to make applications easily accessible and the need to scale to thousands of users. At the same time, however, security requirements such as identity propagation, fine-grained security and auditing have become important security controls. Additionally, compliance and privacy regulations continue to emerge and threats to data continue to evolve. The number, size and frequency of data breaches seem to be accelerating.
Real Application Security provides a declarative interface that allows developers to define the data security policy, application roles, and application users with ease. It ensures uniform data security while securing end-user identity propagation – providing better security minus the performance trade-off.
Fewer headaches and more proactive measures against threats
Many Oracle customers in the government, banking and healthcare sectors have stringent requirements to follow. This is why newer and more robust security and compliance features were added to Oracle Database 12c. Here, the aim is to deliver what the industry needs – advanced security capabilities which include protective, detective and administrative controls. By providing a fully integrated security product/tool, businesses can make better decisions and take a more proactive approach towards preventing data crime.