Oracle Locks DBAs in the VaultBy Lisa Vaas | Posted 2006-04-26 Email Print
WEBINAR: On-demand webcast
Next-Generation Applications Require the Power and Performance of Next-Generation Workstations REGISTER >
Oracle's new Database Vault technology restricts data access rights of even powerful users, while its new encryption technology, Secure Backup, encrypts data to tape.Oracle's new Database Vault technology restricts data access rights of even powerful users, while its new encryption technology, Secure Backup, encrypts data to tape.
Oracle introduced two new security tools on April 25: Database Vault, which restricts data access rights of even powerful users such as database administrators, and Secure Backup encryption technology, which ensures that even tapes that get lost or misplaced won't be readable by the wrong set of eyes.
Database Vault is designed to meet organizations' need to comply with regulatory and privacy mandates and related separation-of-duty mandates that require more than one person to complete a sensitive task. It's also designed to protect businesses against security threats from insiders.
Mark Townsend, Oracle's senior director of product management for the database, in Redwood Shores, Calif., said that customers are increasingly looking to be able to prove to auditors that they're on top of controlling data privacy.
"Databases hold [sensitive data such as] end-of-quarter results, etc.," Townsend said. "Companies need to be able to prove DBAs haven't had access to that information."
Database Vault has security controls that allow for incremental restrictions on data access. The product establishes realms that can encapsulate an application or a set of database objects inside a protection zone. Rules can also be set to restrict operations based on business-specific factors such as a particular database, a machine, IP addresses, time of day or authentication modes.
Thus, the software can be set up to prevent a DBA from changing the database from outside the corporate intranet or after normal working hours, for example.
"This is automated prevention where you can come into a large, existing database and say, 'This data over here, we want to make sure DBAs aren't seeing end-of-quarter results,'" Townsend said.
Read the full story on eWEEK.com: Oracle Locks DBAs in the Vault