
Oracle 12c Security Transparent Sensitive Data Protection Tutorial

What is Oracle 12c Transparent Sensitive Data Protection?

Transparent Sensitive Data Protection (TSDP), a new feature in 12c, leverages the Virtual Private Database (VPD) facility (available since release 8i) and the Data Redaction facility (introduced in release 12.1). TSDP eases the process of implementing and managing either VPD or Redaction.

This tutorial will go through the old way of doing things with VPD: it was always a mission to set up and, because it operates at the row selection stage, sometimes hard to tune. Then we’ll look at Data Redaction: in some ways simpler than VPD and, because it operates at the column projection stage, possibly better performing.
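The row-selection versus column-projection distinction, as an added example that is not code from the tutorial: a VPD policy and a redaction policy on the same constructed table. The schema, table, column, policy, application context (APP_CTX) and user (HR_ADMIN) names are assumptions.

```sql
-- Constructed table for illustration: APP.EMPLOYEES(emp_id, dept_id, name, ssn).
-- All object, policy, context and user names below are assumptions.

-- VPD: the policy function returns a predicate that the database appends to
-- the WHERE clause of each query, so filtering happens at row selection.
CREATE OR REPLACE FUNCTION app.emp_dept_pred (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2
IS
BEGIN
  -- If the (hypothetical) APP_CTX context is not set, SYS_CONTEXT returns
  -- NULL, the comparison is never true, and no rows come back: fail closed.
  RETURN 'dept_id = SYS_CONTEXT(''APP_CTX'', ''DEPT_ID'')';
END;
/

BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'APP',
    object_name     => 'EMPLOYEES',
    policy_name     => 'EMP_DEPT_VPD',
    function_schema => 'APP',
    policy_function => 'EMP_DEPT_PRED',
    statement_types => 'SELECT',
    policy_type     => DBMS_RLS.CONTEXT_SENSITIVE);
END;
/

-- Data Redaction: every row is still returned; the SSN value is replaced
-- when the column is projected, whenever the expression evaluates to true.
BEGIN
  DBMS_REDACT.ADD_POLICY(
    object_schema => 'APP',
    object_name   => 'EMPLOYEES',
    policy_name   => 'EMP_SSN_REDACT',
    column_name   => 'SSN',
    function_type => DBMS_REDACT.FULL,
    expression    => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') != ''HR_ADMIN''');
END;
/

-- With both policies in place, a non-HR_ADMIN session sees only its own
-- department's rows (VPD), and in those rows SSN is redacted (Redaction).
SELECT emp_id, name, ssn FROM app.employees;
```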

Everything discussed requires Enterprise Edition, but there is no need to licence any additional options.

Presented by Oracle Certified Master John Watson, SkillBuilders’ Director of Oracle Database Services.


This free training is segmented into several separate lessons:

  1. Oracle 12c Security Tutorial Introduction (1:58)
  2. Oracle 12c Security Tutorial-Agenda (4:38) (click on video below)
  3. Review Oracle Virtual Private Database (12:29)
  4. Oracle Virtual Private Database FAQ (4:48)
  5. Oracle12c Data Redaction (6:52)
  6. Oracle12c Data Redaction FAQ (1:11)
  7. Oracle 12c Transparent Sensitive Data Protection TSDP (9:51)
  8. Oracle 12c Security Tutorial Summary (1:41)

Date: Sep 18, 2013




Transcript

Oracle 12c Security Tutorial-Agenda

Oracle Database 12c Security

Session 2 – Tutorial Agenda

[music]

>> John: Thank you. Thank you, David. Good afternoon, good morning, depending on the time zone, everybody. I’ll run through now what I want to cover in this short session.

First, I’m going to go through the Virtual Private Database. Virtual Private Database is also known by several other acronyms; some people actually refer to it as Row-Level Security. Other people use Fine Grained Access Control. So, VPD, RLS, FGAC.

[pause]

A powerful facility. It’s also bundled up by the way as Label Security. It was first introduced in release 8i and it just about works. But back then it had serious performance problems. Furthermore, it wasn’t really suitable at all for a web environment. I think many people – myself included – tried it back with 8i and thought this doesn’t work and gave up. However, in the later releases, particularly with changes that came in with 10g, it’s become a very powerful capability indeed which I strongly advise everybody to look at.

VPD – we’ll have a look at VPD – I should point out, it’s Enterprise Edition. Then we’ll move on to a 12c feature, your data redaction newly released 12.1. Positioning data redaction against VPD there is, as far as users are concerned, considerable functional overlap. But the underlying technology is in fact completely different. The protection you get with data redaction is not as comprehensive as that provided by the VPD.

In some cases, my attempt to reverse engineer it found it may be possible circumvented in certain circumstances if the user [1:58 inaudible] privilege position. But compared to VPD, it is not simple to implement and I don’t believe they’re only performance issues. Redaction is licensed as part of the Advanced Security option from 12c onwards.

[pause]

Thirdly, a brief mention of data masking. I don’t think I’m going to have time to demonstrate data masking but for completeness I do want to mention it, because again there’s an overlap with data redaction, with Virtual Private Databases, all in the same sort of area. But I won’t have time to demonstrate that, I don’t think.

The data masking briefly then, unlike the other two, data masking actually changes data. Virtual Private Database restricts the data that people see. Data redaction conceals or hides the data. A subtle difference there. Data masking actually changes the data in the database and it’s a permanent change. That makes it suitable for long production systems. All those clones you’d make.

When you clone your databases to test systems, the development systems, the DSS query systems and so on, you have to clean the data. You have to remove all the personal references so that people can’t see any of the personal indicators as you move your data from production to the warehouse for redaction development. That’s where data masking comes in. A permanent change makes the data typically on cloned systems it’s generated from your production boxes.

The reason I won’t have time to demonstrate it is that with 12c it is pretty awkward. One data masking came in with 11g. There was a very nice graphical interface provided with 11g Database Control and no PL/SQL interface. With release 12c, Database Control no longer exists and there’s not a data masking interface provided with Database Express. So to get data masking functioning nowadays, you need either Grid Control or Cloud Control. I don’t think I’m going to have time to switch over to that environment. But, remember, it’s there and those overlap with the other two functions.

Then lastly, we’ll move on to Transparent Sensitive Data Protection, TSDP.

[pause]

TSDP is a very good frontend, simplified the pain of implementing VPD or data redaction. So what I’ll run through is VPD, redaction, and then Transparent Sensitive Data Protection, which will make it so much easier to configure.

Copyright SkillBuilders.com 2017
