Re: Alternative Products to Oracle Database Vault and Audit Vault

From: DA Morgan <damorgan_at_psoug.org>
Date: Fri, 06 Jun 2008 09:45:44 -0700
Message-ID: <1212770741.874969@bubbleator.drizzle.com>


prashk2005_at_gmail.com wrote:
> Daniel,
>
> Many thanks for throwing in that information.
>
> However I also want to find out if anyone else out there has got any
> experience in segregating roles (Database administration Vs Security)
> and tightening security for PCI Compliance using an alternative
> product on Oracle.
>
> I gather that RSA Database Security Manager can do such things on
> Oracle. Anyone used this product?
>
> Our Management wants to look at alternative products as Oracle's
> quotes for Vault are quite pricey, in fact costlier than the Database
> offering itself.
>
> Thanks,
> PK

I have worked in a number of engagements where segregation of roles was mandated by auditors and legal. The good news ... technically it is a no-brainer. Getting humans to behave logically? Well, that is quite another matter.

The issue of Data Guard alternatives goes something like this.

Step 1: Have management put a price tag, in $ or your local business currency, on the damage that could be done if your data were stolen or misused.

Step 2: Write a clear and concise definition of what you need to achieve.

For example, do you need to secure the data in the database? From what? Do you need to secure the archived redo logs? The flashback logs? Your backups onsite? Offsite?

Step 3: Look at solutions for all of these challenges and be prepared to validate that they work well together.

The one advantage of the Oracle solution is that Oracle is responsible for making it all work together. Remember, a backup that cannot be restored using RMAN is nearly worthless.

From my experience, forcing management to do Step 1 makes the rest of the job much easier.

-- 
Daniel A. Morgan
Oracle Ace Director & Instructor
University of Washington
damorgan_at_x.washington.edu (replace x with u to respond)
Puget Sound Oracle Users Group
www.psoug.org
Received on Fri Jun 06 2008 - 11:45:44 CDT
