Join David Yahalom for an in-depth discussion in this video Why database security is important, part of Oracle Database 12c: Security.
- [Instructor] Database security is one of the core peelers of a properly configured and robust database implementation strategy. For many organizations, the Oracle Database could hold a majority of your company's relational data, which makes the Oracle Database a very attractive target for hackers seeking high value data theft. If a single Oracle Database is compromised, potentially tens of millions of rich records can be stolen which may cost millions in reactive rich mitigation activities.
If your organization collects and stores data about suppliers, sales, customers, or other types of data that can be considered sensitive in nature, your Oracle Database is probably where some or all of the data is stored. There are usually two distinct types of sensitive data that is stored in your database. One, data that is corporate sensitive. This could be data on your suppliers, customers, sales, and so on.
If this data falls onto the wrong hands, it can severely damage your company's commercial success, and leak potentially sensitive corporate data to your competitors. You might have internal policies in your organization on how to protect certain data sets that are sensitive to your company. Your Oracle Database might be required to adhere to these corporate standards. But even if you don't have any internal regulations on how to protect your data, it makes sense that certain data sets stored in your Oracle Database should be very well-protected from theft and data leaks.
In addition, some data might be regulated or subject to strict privacy agreements. For example, User data, such as Social Security numbers, income, healthcare data, credit card numbers, and so on. While this data might not be sensitive to your company, it is most definitely sensitive to your users and should be protected. In addition, certain data sets and data assets are protected under governmental or regulatory standards.
For example, if you store healthcare-related data in your database, you're subject to compliance with the HIPAA standard. Or, if you store payment-type information in your database such as credit cards, you could be subject to PCI or Payment Card Industry standards. These standards for compliance, as well as many others, determine how you should protect your data and force you to implement strict database security to protect sensitive information that you store.
It's not an option. It's mandatory. If other people or hackers manage to get their hands on this type of data, you could be subject to legal action if privacy have been compromised. So, our bottom line is that it is extremely important to safeguard your most valuable data, and Oracle includes several built-in features that will allow you to implement a strong and robust data protection policy. In the next videos, we will review some of the most important concepts you need to know when it comes to database security, and throughout this course, I'll show you demos of these Oracle security features in action, and how to properly implement them in your own Oracle Database.
Learn how to identify the major risks and security threats, and review general best practices for properly protecting and "hardening" any production database. Then, dive into hands-on demos that show how to set up user accounts, the connection between users and schemas, database object and system permissions, and roles in a multitenant environment, as well as encrypt data, audit user actions, and access to sensitive information. Plus, find out how to enable data-at-rest security via the Oracle Transparent Data Encryption and backup encryption options.
- Core concepts of Oracle database security
- Potential threats to Oracle database security
- Authentication and authorization
- Auditing access
- Data encryption
- Users and permissions
- Database roles