Enterprise data is increasingly under threat from malicious attacks, and regulations such as the EU's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) require organizations to demonstrate stronger controls to protect sensitive data. At the same time, most organizations are considering moving mission-critical systems, such as Oracle E-Business Suite, to the cloud for operational efficiencies, cost savings and security.
Because security and compliance controls, such as those GDPR requires, are virtually impossible to add after a system is built, the best and most efficient time to ensure GDPR compliance is during the migration to the Cloud. This way all the necessary security controls can be built into the architecture from the ground up. All associated testing and change management procedures can be enhanced and verified without impact to the existing on-premises environment. The latest Oracle Cloud security services, such as Oracle Cloud Guard, can be leveraged with little effort.
Oracle has truly made security a priority, meaning compliance is just a step away. When you "Lift and Shift" your environment to OCI with Arisant, our Oracle and Security experts will ensure that once the project is completed, worrying about security and GDPR audits is a thing of the past. From the outset, the Oracle Cloud (OCI) offers a multi-layered, defense-in-depth approach providing customers with evaluative controls for assessing the security posture of their databases and the sensitivity of their data, preventive controls to block unauthorized access to data, detective controls to monitor user and application data access behavior, and data-driven security to enforce user- and application-level data access controls at the source, within the database. These controls protect enterprise data both on-premises and in the Oracle Cloud and include:
- Transparent Data Encryption protects against threats that target database storage and backup media devices. Encryption can be easily applied to entire tablespaces or to individual sensitive columns.
- Dynamic Data Masking with Oracle Data Redaction helps protect sensitive data in production applications by enforcing controls inside the database that redact data before it is returned to the application.
- Privilege Analysis records the use of privileges and roles in order to help remove unneeded privileges that unnecessarily expand the risk of a compromised database account.
- Database Vault provides separation-of-duties and trusted-path access models that further reduce the risk of compromised database accounts.
- Unified Audit offers customers an auditing architecture that is both policy-based and context-aware, complete with roles for managing auditing policies and viewing audit data.
- Active Directory Integration directly connects the database to Microsoft Active Directory for authentication and authorization of users, eliminating the need to connect via Oracle Directory Services.
- Management of encryption keys, certificates, wallets, and credentials has become a vital part of an organization's security ecosystem. Oracle Key Vault is a secure key management platform that helps facilitate the deployment of encryption throughout the enterprise, both on-premises and in the Cloud.
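To make three of the controls above concrete, here is an added example (not Arisant's or Oracle's own code) that applies column-level Transparent Data Encryption, a Data Redaction policy and a Unified Audit policy to a constructed table APP_DEMO.CUSTOMER holding a national ID; the schema, table, column and role names (APP_DEMO, CUSTOMER, NATIONAL_ID, DPO_ROLE, APP_BATCH) are assumptions, and the statements assume Oracle Database 12c or later with a TDE wallet already created and open.

```sql
-- Constructed example: APP_DEMO.CUSTOMER with a 13-character NATIONAL_ID column
-- that GDPR treats as personal data. Schema, table, column and role names are
-- assumptions for illustration; the wallet is assumed to be open already.

-- 1. Transparent Data Encryption: encrypt the column at rest so storage and
--    backup media cannot be read without the wallet. NO SALT keeps the column
--    indexable; drop it if the column is never indexed.
ALTER TABLE app_demo.customer
  MODIFY (national_id ENCRYPT USING 'AES256' NO SALT);

-- 2. Dynamic Data Masking (Data Redaction): sessions that do not hold the
--    DPO_ROLE see only the last four characters of the ID. The EXPRESSION must
--    evaluate to TRUE for the redaction to apply, so it tests for the role being
--    absent. Input/output formats are 13 V's (value positions); '*' masks
--    positions 1 through 9.
BEGIN
  DBMS_REDACT.ADD_POLICY(
    object_schema       => 'APP_DEMO',
    object_name         => 'CUSTOMER',
    policy_name         => 'REDACT_CUSTOMER_PII',
    column_name         => 'NATIONAL_ID',
    function_type       => DBMS_REDACT.PARTIAL,
    function_parameters => 'VVVVVVVVVVVVV,VVVVVVVVVVVVV,*,1,9',
    expression          => q'[SYS_CONTEXT('SYS_SESSION_ROLES','DPO_ROLE') = 'FALSE']',
    enable              => TRUE);
END;
/

-- 3. Unified Audit: record every SELECT or UPDATE on the table except those
--    made by the nightly batch account, evaluated once per session.
CREATE AUDIT POLICY customer_pii_access
  ACTIONS SELECT ON app_demo.customer,
          UPDATE ON app_demo.customer
  WHEN 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') <> ''APP_BATCH'''
  EVALUATE PER SESSION;
AUDIT POLICY customer_pii_access;

-- Detective control: review who touched the table, newest events first.
SELECT event_timestamp, dbusername, action_name, sql_text
  FROM unified_audit_trail
 WHERE unified_audit_policies LIKE '%CUSTOMER_PII_ACCESS%'
 ORDER BY event_timestamp DESC;
```

Run the first three statements as a user holding the Advanced Security and AUDIT_ADMIN privileges; the final query requires the AUDIT_VIEWER role and shows the policy name under UNIFIED_AUDIT_POLICIES.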
Creating a GDPR-Compliant Security Program
Assessing your database configuration is an essential part of your security program, and the Database Security Assessment Tool (DBSAT) helps customers identify areas where their Oracle databases may be at risk and recommends changes and controls to mitigate those risks. New this year are enhanced DBSAT configuration checks that cross-reference findings with the EU GDPR as well as widely used security standards like the Center for Internet Security (CIS) Benchmarks and the US Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs). Also new this year is the DBSAT Sensitive Data Discovery module, which allows our customers to quickly find the location, type, and quantity of sensitive data contained in their databases, and provides actionable reports with prioritized recommendations for addressing potential vulnerabilities.
Arisant’s GDPR and CCPA Solution Options
As is always the case in IT security, controls are applied in multiple layers, and the more layers there are, the more robust the overall security. Each layer provides a barrier that must be compromised before the associated security controls can be violated. Arisant's recommendations are aligned with Oracle's defense-in-depth strategy as it applies to databases, and with how the same principles apply to the Oracle E-Business Suite, Oracle Fusion Middleware and Oracle Cloud Infrastructure system and application components that make up the EBS architecture and its associated use cases.
The options are rated Gold, Silver and Bronze. Each designation rates the robustness of the security solution option, not whether the option meets GDPR requirements. The Bronze option is Arisant's "like for like" equivalent of the OCI option, while the Silver and Gold options both meet all the GDPR security requirements. They implement all technical controls with a high degree of robustness; Gold is more out of the box, requires less manual maintenance and provides the best security posture overall. Silver offers almost the same set of security controls and robustness but includes open source software and requires additional custom configuration and support, making it slightly less robust.
Understanding the risks and benefits of the software solution you choose to implement is the first step in determining if you need to reconsider your current IT solution. Whether you’re deciding to move to the public cloud for the first time or upgrading current software, an expert consultant at Arisant can assist you in navigating the difficulties of achieving and maintaining GDPR and CCPA compliance. Contact the experts at Arisant at 303-330-4065 or fill out the contact form below.