Friday, December 22, 2023

Manage the security of your Amazon RDS for Oracle databases with Oracle Data Safe

We’re excited to announce that Oracle Data Safe service now delivers essential security services for Oracle databases running in Amazon Relational Database Service (RDS). With the addition of RDS support, Data Safe can help secure all Oracle Database deployments in Oracle Cloud Infrastructure (OCI), Oracle Cloud@Customer, third-party clouds like Microsoft Azure and Amazon Web Services (AWS), and on-premises.

Data security is one of the top concerns for business leaders due to compliance and never-ending security breaches. The security teams tasked with managing security for the Oracle databases face many challenges, including disparate standalone tools and proliferating databases on multiple clouds and on-premises. As a result, those databases can be vulnerable to more straightforward attacks. Oracle Data Safe provides customers with a solution that helps secure all of their Oracle databases, irrespective of where they are, whether they’re enterprise or standard edition, or if they’re running any of the currently supported releases of Oracle Database.

Data Safe helps you evaluate security controls, assess user security, and monitor user activity. It helps you address data security compliance requirements for your database by discovering sensitive data and masking it for nonproduction purposes. You can use Data Safe to spot gaps in security configurations, identify dormant user accounts, understand what sensitive information your databases store, protect sensitive data in test and development environments, and address audit data collection, retention, and reporting requirements.

Oracle Data Safe now supports Oracle Enterprise Edition and Oracle Standard Edition Two on RDS databases. With Data Safe support for Oracle Standard Edition databases, you can now access advanced security features such as data masking, previously available only to Enterprise Edition customers, helping you keep your data secure wherever it resides.

Data Safe helps secure all your Oracle databases in one place, eliminating the need to have multiple consoles or manage multiple instances. Oracle Data Safe has an easy-to-use cloud-based interface that requires no installation or maintenance.

Connect to Oracle Data Safe quickly and easily


You have two options for connecting your Oracle RDS database running in AWS to Oracle Data Safe.

Use private endpoints

If you have already set up network connectivity between your Amazon RDS for Oracle databases and your OCI virtual cloud network (VCN), you can use that connection to register your database through a Data Safe private endpoint. The private endpoint represents the Oracle Data Safe service in your OCI VCN with a private IP address. The private endpoint must be able to connect from your OCI VCN to the AWS VPC subnet of your target database.

Install a lightweight connector in an EC2 instance

Another easy way to register your database is through the Data Safe on-premises connector. You can install this connector on a Linux host in your AWS environment. The connector then establishes an encrypted TLS tunnel to Oracle Data Safe. You only need to deploy one connector to support multiple Oracle databases in your AWS tenancy.  

You can create the Data Safe private endpoint or the Data Safe on-premises connector before registering your database with Data Safe, or you can create them during registration.

Register your database with Oracle Data Safe


When you’ve decided which connectivity option to use, registering your database with Data Safe is easy with a dedicated registration guide:


Figure 1: Database registration guides

During registration, you must provide a database account for Data Safe to use to connect to your database. We provide a SQL script that you can run to grant the Data Safe user the necessary roles and privileges. Select which privileges to grant depending on which Data Safe features you want to use. You can learn more in the following resources:



Figure 2: Amazon RDS target registration wizard

Then, use the following steps:

1. Provide your database's target information, including the service name, the IP address and port number, and the Data Safe service account credentials you created on your database.

2. Connectivity option: Select whether you want to connect through a Data Safe private endpoint or a Data Safe on-premises connector. You can enter an existing private endpoint or connector you created previously or have one created.

3. Security rules: When using a Data Safe private endpoint, you must allow outgoing communication from the private endpoint within the VCN. The process can create the necessary egress rule for you. You also need to allow incoming communication for your database on AWS.
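
A check for the AWS side of step 3, as an added example that is not part of the original post or of Oracle's tooling: it audits a security group, in the shape `aws ec2 describe-security-groups` returns, to confirm the Data Safe private endpoint can reach the listener port without that port being open to wider ranges. The group ID, the addresses, listener port 1521, and the assumption that the database sees the private endpoint's own IP as the source are illustrative.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Group ID and addresses are placeholders, not values from the article.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 1521, "ToPort": 1521,
         "IpRanges": [{"CidrIp": "10.0.1.25/32"}]},   # private endpoint only
        {"IpProtocol": "tcp", "FromPort": 1521, "ToPort": 1521,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},      # listener open to all
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}]},    # unrelated port
    ],
}


def covers_port(perm, port):
    """True if this permission entry applies to the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":          # all protocols, all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit_listener_ingress(group, endpoint_ip, port=1521, max_addresses=1):
    """Return (reachable, findings) for the listener port; only IPv4 IpRanges
    are inspected (IPv6 and security-group sources are ignored)."""
    endpoint = ipaddress.ip_address(endpoint_ip)
    reachable, findings = False, []
    for perm in group.get("IpPermissions", []):
        if not covers_port(perm, port):
            continue
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if endpoint in net:
                reachable = True
            if net.num_addresses > max_addresses:
                findings.append(f"{group['GroupId']}: tcp/{port} open to {net}")
    return reachable, findings


if __name__ == "__main__":
    ok, issues = audit_listener_ingress(SAMPLE_GROUP, "10.0.1.25")
    print("endpoint reachable:", ok)
    for issue in issues:
        print("too broad:", issue)
```

A result of `reachable` with no findings means the listener accepts the private endpoint and nothing broader; any finding is a rule to narrow before or after registration.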

Your target database is now ready for Data Safe. Get started by reviewing the security and user assessment reports automatically scheduled during the registration. You can find them in the Data Safe Security Center under Security Assessment and User Assessment.

Figure 3: Security assessments in Data Safe
