The rise of cloud adoption has come with a parallel rise of cloud security posture management (CSPM) as a tool to help organizations manage the security of their cloud tenancies. It’s no wonder that Oracle Cloud Guard has been so well received in the last year, with its improved visibility to identify misconfigured resources, possible vulnerabilities with Oracle Cloud Infrastructure Vulnerability Scanning Service (OCI VSS), and insecure activities across tenants. With Cloud Guard, security administrators can identify, prioritize, and remediate issues before they get out of control.
At the same time, organizations rely on databases to manage their most critical asset: the data. But if that data is not well protected, it can become a big liability. Today, Cloud Guard already monitors database configurations with detectors that check for public access of databases, databases without automatic backups, or possible problems when databases do not have the latest patches. Some existing database-specific detectors include identifying if:
◉ an automatic backup isn't enabled for a database
◉ an available database patch has not been applied within your specified number of days
◉ a database system has a public IP address assigned
◉ a database is publicly accessible
◉ an available database system patch has not been applied.
◉ a database is running on an unsanctioned software version
There are additional aspects you should consider to further strengthen your databases security posture. You should make sure your databases are configured securely, you should understand your users, and you should monitor critical database activities and protect any sensitive data you are storing in your databases. Oracle is helping to address these challenges with Oracle Data Safe. Data Safe provides essential security capabilities for your Oracle databases, whether they are running on-premises, in the cloud, or in Oracle Cloud@Customer deployments. Data Safe empowers organizations to assess configuration risks, evaluate database users, manage audit settings, analyze database activity, discover sensitive data stored in databases and mask sensitive data for use in non-production copies of databases – all in a single, unified console.
Oracle Cloud Guard has continued to expand its capabilities through integration with other services like Certificates, Bastions and Vulnerability Scanning Service, and we are excited that there is now an integration with Oracle Data Safe as well. Where Cloud Guard watches for security concerns in the cloud infrastructure, Data Safe provides a single security tool to monitor the security posture of your databases. The integration of the two services allows customers to get not just visibility of database configurations but further data security monitoring.
New detectors called “Data Safe is not enabled” and “Database not registered with Data Safe” allow customers to confirm that Data Safe is enabled and that their cloud databases are being monitored by Data Safe. For the latter detector, the Cloud Guard problem summary will indicate the list of cloud databases that are not yet registered in Data Safe. Registering databases in Data Safe (cloud and on-premises) takes only a few minutes and is easy and convenient with target registration wizards that guide you step-by-step through the process. And while the Cloud Guard detector only indicates any cloud database that is not yet registered, you can easily register your on-premises databases as well, helping you to achieve a fleetwide view of database security. After registration, you will get immediate visibility on some potential risks, including misconfigurations, as well as an overview of all highly privileged accounts across your database fleet.
Posts
0 comments:
Post a Comment