Data Safe FAQ

FAQ topics

General

Why is this cloud service important for you?

Oracle Data Safe supports Oracle Cloud databases as well as Oracle on-premises databases. Whether working with on-premises or cloud databases, DBAs need to take measures to protect the enterprise data under their care.

Oracle Database Cloud Services provide different sets of security features based on database type and edition. Oracle Autonomous Database automatically takes care of several security concerns for customers including the following:

  • Network security and monitoring
  • OS and platform security
  • Database patches and upgrades
  • Administrative separation of duties
  • Data encryption enabled by default

However, even in the cloud, security is a shared responsibility between the provider and the user, and users still have to manage some things such as the following:

  • Additional database and data security controls
  • User accounts and the associated risk
  • Identifying and understanding sensitive data
  • Implementing controls to protect data at the appropriate level
  • Auditing user activities, and more

Oracle Data Safe addresses this with integrated data security functionalities accessible to any Oracle Cloud customer through a cloud-based control center. Oracle Data Safe combines information about users, data and data infrastructure to enable users to manage risks to their sensitive data.

What customer problems are addressed with Data Safe?

To protect your enterprise data, you need to be able to answer several questions such as:

  • Security and user assessment
    • Are my databases securely configured?
    • Do I have any highly privileged accounts that could pose a risk to my database?
    • Do I have gaps in my configuration strategy?
  • Sensitive data recovery
    • What types of sensitive data do I have?
    • How much sensitive data is stored in this database?
    • Where is my sensitive data located?
  • Data protection
    • How can I efficiently support test/dev and analytics without exposing sensitive data?
  • Audit
    • How can I manage the audit data collected from individual servers?
    • How can I centralize audit data to simplify reporting and event correlation?
    • How can I be alerted to inappropriate user activity?

What features does Oracle Data Safe include?

Data Safe allows customers to perform security and user assessments of their database and database users.

  • Security assessment allows customers to create and maintain security baselines. This enables rapid identification of configuration risks and facilitates consistent use of security controls across the enterprise.
  • User assessment helps customers understand their user risk profile. Over-privileged users are frequently targeted by cyberattackers to leverage their extensive set of privileges to mount data attacks.

Data Safe manages database server audit policies and securely collects, removes, and retains audit data from database servers.

  • Database audit policies can be centrally managed and configured.
  • If an attacker compromises a privileged user account, the attacker may also be able to alter or destroy the audit records for the database. Moving the audit data as quickly as possible to a secure centralized repository makes it difficult for attackers to hide their tracks.
  • Audit data can be retained for forensic and compliance purposes.

Data Safe discovers sensitive data in databases.

  • Common categories of sensitive data can be discovered by Data Safe so customers don't accidentally overlook some columns of sensitive data.
  • Sensitive data can then be masked by Data Safe to protect information in test databases.

Data Safe masks sensitive data in development and test databases.

  • Development and test databases need production-like data to modify and test applications. However, development and test databases aren't protected at the same level as production, and the sensitive data needs to be replaced in the database.
  • Masking needs to account for foreign/primary key mappings so that sensitive data used for linking data can remain consistent.

Data Safe dashboard allows customers to quickly assess and then drill down to review risk.

  • When alerts are received, the dashboard provides a quick overview of the data security status for the target databases.
  • Unusual dashboard activity can be drilled down to find specific issues.

What is the Oracle Data Safe user experience like?

The Oracle Data Safe control center provides an overview of risks associated with your users, sensitive data, and platform. Users select from various features available in the control center to assess users and security, search for sensitive data, manage audit policies, and mask data for use in test, development, and analysis.

We’ve worked hard to remove the complexity from database security, while at the same time giving you the flexibility to meet your security control objectives. The Data Safe user interface is intuitive and uses intelligent defaults. For example, it automatically recommends data masking techniques for the discovered sensitive data if you want to remove that sensitive data from a nonproduction copy of the database. If the defaults are adequate for your needs, you can complete the entire masking process—without typing a single line of code.

Can customers use this to meet compliance regulations such as GDPR?

Compliance laws such as the European Union (EU) General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) levy requirements on companies to safeguard the privacy of their customers. Data Safe helps you with your various compliance requirements such as identifying where sensitive data is located, masking sensitive data for nonproduction use, securely capturing audit data, and so forth.

What is the benefit of Data Safe for customers of Oracle Databases in the cloud?

The cloud requires a shared responsibility model for security. Oracle has highly automated tools to provide the Oracle portion of the shared security model, including network security and monitoring, OS and platform security, database patches and upgrades, administrative separation of duties, and data encryption by default. Customers are responsible for managing the security of data such as user permissions, protecting sensitive data, and setting up appropriate audit policies. Data Safe provides tools to help you with your portion of security management.

Data Safe offers a unique capability in the industry. By making these essential data security functionalities available to all Oracle Cloud customers, it sets a new standard for cloud database security.

Availability

In which regions is Data Safe available?

Data Safe is available in all regions where Autonomous Database is supported.

Which types of Oracle Databases are supported?

Data Safe works with the following Oracle Databases:

  • Oracle on-premises databases
  • Oracle Databases in the cloud
    • Autonomous Database Serverless
    • Autonomous Database on Dedicated Exadata Infrastructure
    • Exadata Database systems
    • Database Cloud Service on virtual machine
    • Database Cloud Service on bare metal
    • Oracle Database on a Compute Instance
  • Oracle Databases in third-party clouds like Azure or AWS

Is Data Safe available for on-premises databases?

Yes, we added support for on-premises databases in 2020.

Is Data Safe available for Cloud at Customer database deployments?

Support for Cloud at Customer databases is currently available in a Limited Availability program. Please contact us if you would like to participate or if you would like more information.

Is Data Safe available for Free Tier accounts in Oracle Cloud Infrastructure (OCI)?

Yes, you can try out Data Safe as part of the 30-day free trial OCI offering; all features are supported. Some limitations apply, see here for full details.

Getting started

How do I get started?

If you are using a cloud database on Oracle Cloud, getting started is easy.

What type of training is needed for my administrators to use Data Safe?

No prior specialized security expertise is needed. We’ve worked hard to remove the complexity from database security, while at the same time giving you the flexibility to meet your security control objectives. The Data Safe user interface is intuitive and uses intelligent defaults. If the defaults are adequate for your needs, you can easily run through all the features of Data Safe. And just in case you have a question, there is a comprehensive online help to guide you through the different features.

Using Oracle Data Safe

What are some of the security considerations with using Data Safe?

  • Data Safe is built on the next-generation security offered by Oracle Cloud Infrastructure (OCI).
  • For isolation, each customer's data is kept in a separate database. All access to customer's databases and Data Safe data is audited.
  • A Data Safe account must be created in target databases with appropriate privileges. For Autonomous Database customers, this is done automatically when registering the database with Data Safe.
  • Only your authorized users can access the Oracle Data Safe console. Depending on the extent of their access, they can be limited to certain features in Data Safe and to only one or more selected databases, or they can get access to security data for all your databases.
  • The security data about your databases always remains private to you.

What does it mean that Data Safe is included with a subscription to Oracle Databases in the cloud? What are the usage limits?

If you are a paid subscriber to any cloud database on Oracle Cloud Infrastructure, you can use Data Safe at no additional cost for these databases. You can store up to 1 million audit records per month per target database free of charge. If you exceed this limit, you may incur additional costs. In addition, we built in some limits to prevent abuse. You can find more information about usage and service limits here.

What is your audit data retention policy?

By default, we keep audit data for 12 months, but you can change the retention period if needed.

How do I get support for Data Safe?

As with all other services on Oracle Cloud Infrastructure, full support is included. You can submit your support requests through the Oracle Support portal using your Oracle Customer Support Identifier.

More information

I’d like to learn more about Data Safe—how can I keep up to date with the latest product news?

For more information, please see the Oracle Data Safe page on oracle.com. A variety of helpful information is available there, including the datasheet, technical briefs, and videos.