Friday, January 2, 2026

Setup and Access Oracle OCI Data Safe

 

Introduction:

  • Organizations rely on databases to manage their most critical asset: the data. But if not well protected, this data could become their biggest liability.
  • According to industry reports, almost one third of the attacks are performed by internal actors and over half of internal attacks are on databases.
  • Sensitive data, such as personally identifiable information, personal financial information, and personal health care information, make databases attractive targets for hackers and even insiders who are looking to steal data for monetary, strategic or personal reasons or just to disrupt business.
  • Organizations need to further secure their databases by understanding their own data, their own users, and their configurations.
  • Oracle Data Safe is Oracle’s platform for securing data in databases. As a native Oracle Cloud Infrastructure service, Oracle Data Safe lets you assess the security of your database configurations, find your sensitive data, mask that data in non-production environments, discover the risks associated with database users, monitor database activity, and create and enforce SQL Firewall policies for users.
  • Oracle Data Safe helps organizations to secure their data assets:
    • A single and unified database security control center
    • No new infrastructure to manage
    • No need for manual upgrades 
    • No special security expertise required
    • Simple and powerful service that saves time and money 



In this blog, we will walk through the steps to:
  • Register an Oracle Autonomous AI database with Oracle Data Safe using the wizard
  • Access Oracle Data Safe and explore the Security center

Prerequisites:

  • A free tier or paid Oracle Cloud account
  • A provisioned Always free Autonomous 26ai database. 
  • An existing OCI compartment.

Task #1: Prepare your environment


1. Create IAM user group and assign IAM account to the group

1.1. From the navigation menu, select Identity & Security, and then Domains. Select the default domain.
1.2. Click the User management tab.

1.3. Scroll down, then click the Create group button.


1.4. On the Create group page, enter a name for the group (DataSafeGroup) and a description (User group for data safe).
1.5. Under the Users section, search for the user for this demo and select the user.
1.6. Click the Create button.

2. Create IAM policy for the user group

2.1. From the navigation menu, select Identity & Security, and then Policies. The Policies page is displayed. Change the compartment to the root compartment. 
2.2. Click the Create Policy button.


2.3. On the Create Policy page, enter a policy name and a description.
2.4. Select the same compartment as the Autonomous AI database.
2.5. In the Policy Builder section, click Show manual editor and enter the statements below. Use the same compartment as the Autonomous AI database.
 
Allow group DataSafeGroup to manage data-safe-family in compartment {Compartment_Name}
Allow group DataSafeGroup to manage autonomous-database in compartment {Compartment_Name}

 

2.6. Click the Create button.
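
A check you could run over the policy statements before pasting them into the manual editor, as an added example (not from the original post and not an Oracle tool). It handles only the basic "Allow group ... to ... in compartment|tenancy" form; the function names and the over-broad third sample statement are assumptions made for illustration.

```python
import re

# Basic OCI IAM statement: Allow group <name> to <verb> <resource-type> in <scope>
STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>inspect|read|use|manage)"
    r"\s+(?P<resource>[\w-]+)\s+in\s+"
    r"(?P<scope>tenancy|compartment\s+(?P<compartment>\S+))\s*$",
    re.IGNORECASE,
)

def join_wrapped(lines):
    """Re-join statements that were wrapped across lines when pasted."""
    statements = []
    for line in (raw.strip() for raw in lines if raw.strip()):
        if line.lower().startswith("allow ") or not statements:
            statements.append(line)
        else:
            statements[-1] += " " + line
    return statements

def review(lines, expected_group="DataSafeGroup"):
    """Return (statement, findings) pairs; an empty findings list means clean."""
    results = []
    for stmt in join_wrapped(lines):
        m = STATEMENT.match(stmt)
        if not m:
            results.append((stmt, ["not a basic 'Allow group ... to ... in ...' statement"]))
            continue
        findings = []
        if m["group"] != expected_group:
            findings.append(f"grants to unexpected group {m['group']}")
        if m["resource"].lower() == "all-resources":
            findings.append("all-resources is broader than the two resource types used here")
        if m["scope"].lower() == "tenancy":
            findings.append("tenancy-wide scope; use the database's compartment")
        elif re.search(r"[{}<>]", m["compartment"]):
            findings.append("compartment placeholder was not replaced")
        results.append((stmt, findings))
    return results

# Constructed sample: the page's two statements (second one wrapped) plus an over-broad one.
SAMPLE = """Allow group DataSafeGroup to manage data-safe-family in compartment {Compartment_Name}
Allow group DataSafeGroup to manage autonomous-database in compartment
{Compartment_Name}
Allow group DataSafeGroup to manage all-resources in tenancy""".splitlines()

for stmt, findings in review(SAMPLE):
    print(stmt, "->", findings or "ok")
```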

3. Load sample data into Autonomous AI database

3.1. Access the SQL worksheet in Database Actions.


3.2. Download the sample data script load-data-safe-sample-data_admin.sql
3.3. As the ADMIN user in the database SQL worksheet, copy the entire script and paste it into the worksheet, then click the Run Script button.


3.4. To ensure the sample data is loaded successfully, review the row count for each table in the HCM1 schema.

 


Task #2: Register Autonomous AI Database with Oracle Data Safe


To use a database with Oracle Data Safe, you first need to register it with Oracle Data Safe. A registered database is referred to as a target database in Oracle Data Safe. 
You have three options for registering an Autonomous AI database with Data Safe:
  • Use the Register link on the Autonomous AI Database page (one-click method with no interaction).
  • Use the Autonomous AI Databases wizard on the Overview page for the Oracle Data Safe service (guided method with customization options).
  • Manually register your target database from the Registered Targets page (advanced method without guidance).
We will use the Autonomous AI Databases wizard option in this demo.


1. From the navigation menu, select Oracle AI Database, and then Data Safe - Database Security. The Overview page is displayed.



2. Under the Autonomous Database tile, click Start Wizard.


 
3. On the Register Autonomous Database page:
3.1. Select your database from the drop-down list.
Notice the message at the bottom of the page: The selected database is configured to be securely accessible from everywhere. Steps 2 ('Connectivity option') and 3 ('Add security rule') are not necessary and will be skipped. If your database has a private IP address, the wizard will guide you through the process of configuring an Oracle Data Safe private endpoint and security rules. 


3.2. Click the Next button.
3.3. On the Review and submit page, review the information.  


3.4. Click the Register button. The Target database information page is displayed.

3.5. Wait for the target database status to turn to ACTIVE, which means your target database is fully registered. 

 


Task #3: Access Oracle Data Safe and Explore Security Center


1. From the navigation menu, select Oracle AI Database, and then Data Safe - Database Security. Under Data Safe on the left, select Target Databases. Make sure to select the right compartment.


2. Under Security center on the left, click Dashboard and review the dashboard. Scroll down to view the security controls and feature charts. Make sure your compartment is selected under List scope. From the Target databases drop-down list, select your target database so that the data in the dashboard pertains to your target database only.







Oracle Data Safe features will be covered in separate blogs. 

Stay tuned ...

Thanks for reading !!!



