
1 Private Clouds: Opportunity to Improve Data Security and Lower Costs InfoTRAMS „Fusion Tematyczny, Bazy Danych, Kariera I Prywatny Sprzęt W Pracy”

2 Private Clouds: Opportunity to Improve Data Security and Lower Costs
Michał Jerzy Kostrzewa (Michal.Kostrzewa@Oracle.com)
ECE Business Development Manager

3 Agenda
- Challenges of Securing Data Today
- Data Security in Cloud Environments
- Private v. Public Clouds
- Securing Database Clouds
- Q&A

4 Easy to Lose Track of Sensitive Data In Traditional Computing Environments
- Silos of dedicated hardware and software for each application
- Organizations typically unsure which silos contain sensitive data
- Securing every silo is too costly and complex
- Organizations typically protect the only shared resource - the network
- Data and database infrastructure vulnerable to attack from within the network perimeter

5 Data and Databases Vulnerable
- 28% uniformly encrypt sensitive data in all databases: data can be read/tampered with by any system user or admin with access to database files or storage
- 24% can prevent privileged database users from reading/modifying data: data can be accessed by DBAs or anyone with privileged database user credentials
- 44% allow database users to access data directly: users can by-pass application security policies to read or modify data directly within database
- 68% can not detect if database users are abusing privileges: database users can perform unauthorized activities undetected
- 66% not sure if applications subject to SQL injection: data can be manipulated by hackers who compromise applications
- 48% copy sensitive production data to non-production environments: data can be accessed by developers, testers, etc.
Source: The 2010 IOUG Data Security Report

6 Over 900M (92%) Breached Records from Compromised Database Servers
- 48% involved privilege misuse
- 40% resulted from hacking
- 38% utilized malware
- 28% employed social tactics
- 15% comprised physical attacks
Source: 2010 Data Breach Investigations Report

7 Cloud Computing Environments Allow Securing Sensitive Data Efficiently
- Clouds are shared pools of standardized computing resources
- Oracle Exadata is a pre-integrated, highly optimized Database Cloud platform that maximizes ROI
- All data now managed in the Database Cloud - securing Database Clouds is not optional!
- Securing Database Clouds results in efficient and consistent protection for all data
- Database Clouds enable better security at lower cost and complexity

8 Exadata and Exalogic: Extreme Performance, Engineered Systems
- Database and middle tier machines
- Unmatched performance, simplified deployment, lower total cost
- Building blocks for private and public PaaS

9 Oracle Exadata Extreme Performance
- Faster Than DW Appliances: faster query throughput; fastest disk throughput; much faster with Flash
- More Bandwidth than High-End Arrays: storage arrays can't deliver disk bandwidth; no extra bandwidth from Flash; no CPU offload; no Columnar Compression; no InfiniBand
- More Data Capacity: more disk drives/rack; larger disk drives; much better compression
[Charts: "Query Throughput GB/sec, Uncompressed Data, Single Rack" (Teradata 2650, Netezza TwinFin 12, Exadata); "Storage Data Bandwidth (Uncompressed GB/sec)" and "Systems with Equal User Data, All with Largest Disks, Best Compression" (EMC VMAX, IBM XIV, NetApp 6080, IBM DS8700, Hitachi USP V, Exadata)]

10 Oracle Exalogic Extreme Performance
- Internet Applications: 12X improvement. Over 1 Million HTTP Requests/Sec. FaceBook's Web Traffic on 2 Full Racks
- Messaging Applications: 4.5X improvement. Over 1.8 Million Messages/Sec. All Chinese Rail Ticketing on 1 Rack
- Database Applications: 1.4X improvement. Almost 2 million JPA Operations/Sec. All E-Bay Product Searches on 1/2 Rack
[Chart legend: Exalogic, Alternative]

11 Biggest Barrier to Cloud Computing Adoption? Security!
- 74% rate cloud security issues as "very significant"
Source: IDC

12 The Reality of Cloud Computing
Cloud Computing Often Confused with Outsourcing…
- Public Clouds
  - Cloud operated by a vendor
  - Security (and compliance??) becomes outsourced
  - Not an option for certain organizations, industries
- Private Clouds
  - Evolution of IT Services
  - Still responsible for ensuring security and compliance
  - Cost-effective option to protect data for all organizations!
Oracle Confidential

13 Securing Database Clouds: Defense In Depth
- Prevent access by non-database users
- Increase database user identity assurance
- Control access to data within database
- Audit database activity
- Monitor database traffic and prevent threats from reaching the database
- Ensure database production environment is secure and prevent drift
- Remove sensitive data from non-production environments
Copyright © 2010, Oracle. All rights reserved

14 Oracle Advanced Security: Protect Data from Unauthorized Users
- Complete encryption for application data at rest to prevent direct access to data stored in database files, on tape, exports, etc. by IT Staff/OS users
- Efficient application data encryption without application changes
- Built-in two-tier key management for SoD with support for centralized key management using HSM/KMS
- Strong authentication of database users for greater identity assurance
[Diagram labels: Application, Disk, Backups, Exports, Off-Site Facilities]

15 Oracle Database Vault: Enforce Security Policies Inside the Database
- Automatic and customizable DBA separation of duties and protective realms
- Enforce who, where, when, and how using rules and factors
- Enforce least privilege for privileged database users
- Prevent application by-pass and enforce enterprise data governance
- Securely consolidate application data or enable multi-tenant data management
[Diagram labels: Procurement, HR, Finance, Application, DBA, Security DBA, Application DBA; DBA query shown: select * from finance.customers]

16 Oracle Audit Vault: Audit Database Activity in Real-Time
- Consolidate database audit trail into secure centralized repository
- Detect and alert on suspicious activities, including privileged users
- Out-of-the-box compliance reports for SOX, PCI, and other regulations
  - E.g., privileged user audit, entitlements, failed logins, regulated data changes
- Streamline audits with report generation, notification, attestation, archiving, etc.
[Diagram labels: CRM Data, ERP Data, Databases, HR Data, Audit Data, Policies, Built-in Reports, Alerts, Custom Reports, Auditor]

17 Oracle Total Recall: Track Changes to Sensitive Data
    select salary from emp AS OF TIMESTAMP '02-MAY-09 12.00 AM' where emp.title = 'admin'
- Transparently track application data changes over time
- Efficient, tamper-resistant storage of archives in the database
- Real-time access to historical application data using SQL
- Simplified incident forensics and recovery

18 Oracle Database Firewall: First Line of Defense
- Monitor database activity to prevent unauthorized database access, SQL injections, privilege or role escalation, illegal access to sensitive data, etc.
- Highly accurate SQL grammar based analysis without costly false positives
- Flexible SQL level enforcement options based on white lists and black lists
- Scalable architecture provides enterprise performance in all deployment modes
- Built-in and custom compliance reports for SOX, PCI, and other regulations
[Diagram labels: Applications; Block, Log, Allow, Alert, Substitute; Policies, Built-in Reports, Alerts, Custom Reports]

19 Oracle Configuration Management: Secure Your Database Environment
- Discover and classify databases into policy groups
- Scan databases against 400+ best practices and industry standards, custom enterprise-specific configuration policies
- Detect and even prevent unauthorized database configuration changes
- Change management dashboards and compliance reports
[Diagram labels: Discover, Classify, Assess, Prioritize, Fix, Monitor; Asset Management, Policy Management, Vulnerability Management, Configuration Management & Audit, Analysis & Analytics]

20 Oracle Data Masking: Irreversibly De-Identify Data for Non-Production Use
- Make application data securely available in non-production environments
- Prevent application developers and testers from seeing production data
- Extensible template library and policies for data masking automation
- Referential integrity automatically preserved so applications continue to work

Production
    LAST_NAME    SSN           SALARY
    AGUILAR      203-33-3234   40,000
    BENSON       323-22-2943   60,000

Non-Production
    LAST_NAME    SSN           SALARY
    ANSKEKSL     111-23-1111   60,000
    BKJHHEIEDK   222-34-1345   40,000

Data never leaves Database
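
The property this slide names, masked values that still join across tables, can be sketched with a keyed one-way mapping. This is an added example, not Oracle Data Masking's implementation: the HMAC approach, the PAYROLL table and all function names are assumptions, and the rows are constructed from the slide's sample values.

```python
import hashlib
import hmac
import secrets

# Constructed rows based on the slide's sample; the PAYROLL table is an assumption.
EMPLOYEES = [
    {"last_name": "AGUILAR", "ssn": "203-33-3234", "salary": 40000},
    {"last_name": "BENSON", "ssn": "323-22-2943", "salary": 60000},
]
PAYROLL = [
    {"ssn": "203-33-3234", "paid": 3333},
    {"ssn": "323-22-2943", "paid": 5000},
]

def _digest(key, domain, value):
    # Domain separation keeps the name and SSN mappings independent.
    return hmac.new(key, f"{domain}:{value}".encode(), hashlib.sha256).digest()

def mask_ssn(key, ssn):
    """Deterministically map an SSN to another NNN-NN-NNNN string."""
    n = int.from_bytes(_digest(key, "ssn", ssn)[:8], "big") % 10**9
    d = f"{n:09d}"
    return f"{d[:3]}-{d[3:5]}-{d[5:]}"

def mask_name(key, name):
    """Replace a name with uppercase letters of the same length."""
    raw = _digest(key, "name", name)
    return "".join(chr(65 + raw[i % len(raw)] % 26) for i in range(len(name)))

def mask_tables(key, employees, payroll):
    """Mask both tables with one key so SSN joins still line up."""
    mapping = {s: mask_ssn(key, s) for s in {r["ssn"] for r in employees + payroll}}
    if len(set(mapping.values())) != len(mapping):
        # Truncated HMAC output can collide; a collision would merge two people.
        raise ValueError("masked SSN collision, rerun with a fresh key")
    emp = [{**r, "last_name": mask_name(key, r["last_name"]), "ssn": mapping[r["ssn"]]}
           for r in employees]
    pay = [{**r, "ssn": mapping[r["ssn"]]} for r in payroll]
    return emp, pay

def join_count(employees, payroll):
    """Count payroll rows whose SSN matches an employee row."""
    ssns = {r["ssn"] for r in employees}
    return sum(r["ssn"] in ssns for r in payroll)

if __name__ == "__main__":
    # A random key that is never stored leaves no way to recompute the mapping.
    masked_emp, masked_pay = mask_tables(secrets.token_bytes(32), EMPLOYEES, PAYROLL)
    print(masked_emp, join_count(masked_emp, masked_pay))
```

Unlike the slide's sample output, this sketch leaves SALARY untouched; it covers only the identifier columns.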

21 Oracle Database Defense In Depth: Solution Summary
- Oracle Advanced Security
- Oracle Identity Management
- Oracle Database Vault
- Oracle Label Security
- Oracle Audit Vault
- Oracle Total Recall
- Oracle Database Firewall
- Oracle Configuration Management
- Oracle Data Masking
Comprehensive – Transparent – Easy to Deploy – Proven!

22 Next Steps…
- Protect sensitive data and database infrastructure ASAP!
- Database Clouds enable better security at lower cost and complexity
- Start evolving your existing IT infrastructure into a Private Cloud
- Secured Oracle Exadata servers provide the secure database cloud building block you need
- Securing your databases will allow you to outsource/take advantage of Public Clouds with less risk

23 For More Information
- oracle.com/database/security
- search.oracle.com: database security

24 Q & A
