This was a good talk and the focus was on securing data in the database and not just a checklist based approach. I covered the core areas to look at to secure and then placed context based security on top of that. Then showed where DV fits. I also showed hacking of my database and what happens when we deploy DB out of the box and also with a realm and even a mandatory realm. We also showed examples of achieving some of DV without DV; i.e. good practice and simple coding. The other key message is that Database Vault itself is an application and its use must be designed and planned and of course Database Vault itself must also be secured in the core database. The main message though, if you want to use DV in your database is:
- Secure the core database first
- Achieve some of the methods/features of DV first, i.e. stop using SYS, SYSTEM, DBA, %ANY%
- Design your DV implementation first to be as simple and consistent as possible
- Implement DV
- Secure DV itself
- Monitor DV and check its meta data against your security designs
Have a look at the slides which are just released to our site
#oracleace #23c #oracle #database #security #databasevault #dv #UKOUG #UKOUGConference23 #UKOUG23 #UKOUGConf23 #OracleExperts
