Use Oracle Data Safe with Autonomous AI Database
The script content on this page is for navigation purposes only and does not alter the content in any way.
Provides information on using Oracle Data Safe on Autonomous AI Database.
About Oracle Data Safe with Autonomous AI Database
Oracle Data Safe, which is included with Autonomous AI Database, provides a unified control center that helps you manage the day-to-day security and compliance requirements of Oracle AI Databases.
Data Safe helps you to evaluate security controls, assess user security, monitor user activity, mitigate risk from compromised accounts, and address data security compliance requirements for your database. Data Safe accomplishes this by evaluating the sensitivity of your data and assisting you when you need to mask sensitive data for non-production databases.
Oracle Data Safe provides features to assist you when:
-
Your organization's policies require that you monitor your databases and retain audit records.
-
You need to protect against common database attacks coming from risks such as compromised accounts.
-
Your developers need to use copies of production data for work on a new application and you're wondering what kinds of sensitive information the production data contains.
-
You need to make sure that staff changes haven't left dormant user accounts on your databases.
Oracle Data Safe provides the following:
-
Security Assessment: Configuration errors and configuration drift are significant contributors to data breaches. Use security assessment to evaluate your database's configuration and compare it to Oracle and industry best practices. Security assessment provides reports on areas of risk and notifies you when configurations change.
-
User Assessment: Many breaches start with a compromised user account. User Assessment helps you spot the riskiest database accounts, those accounts which if compromised could cause the most damage. User Assessment helps you take proactive steps to secure these accounts. User Assessment Baselines make it easy to know when new accounts are added, or when an account's privileges are modified. You can use Oracle Cloud Infrastructure Events to receive proactive notifications when a database deviates from its baseline.
-
Data Discovery: Provides support to locate and to manage sensitive data in your applications. Data discovery scans your database for over 150 different types of sensitive data and helps you to understand what types and how much sensitive data you are storing. Use the data discovery reports to formulate audit policies, develop data masking templates, and create effective access control policies.
-
Data Masking Minimize the amount of sensitive data your organization maintains to help you meet compliance requirements and satisfy data privacy regulations. Data masking helps you remove risk from your non-production databases by replacing sensitive information with masked data. With reusable masking templates, over 50 included masking formats, and the ability to easily create custom formats for your organization's unique requirements, data masking can streamline your application development and testing operations.
-
Activity Auditing Activity auditing collects audit records from databases and helps you manage audit policies. Understanding and reporting on user activity, data access, and changes to database structures supports regulatory compliance requirements and can aid in post-incident investigations. Audit insights make it easy to identify inefficient audit policies, while alerts based on audit data proactively notify you of risky activity.
Note: One (1) million audit records per database per month are included for your Autonomous AI Database if using the audit collection for Activity Auditing in Oracle Data Safe.
-
SQL Firewall Management Protect against risks such as SQL injection attacks or compromised accounts. Oracle SQL FirewallFoot 1 is a security capability available with Oracle AI Database 26ai that offers best-in-class protection against these risks. The SQL Firewall feature in Oracle Data Safe lets you centrally manage and monitor the SQL Firewall policies for your target databases. Data Safe lets you collect authorized SQL activities of a database user, generate and enable the policy with allowlists of approved SQL statements and database connection paths and provides a comprehensive view of any SQL Firewall violations across the fleet of your target databases.
See Oracle Data Safe Overview for more information.
Register Autonomous AI Database with Oracle Data Safe
To use Oracle Data Safe you first need to register your database with Oracle Data Safe.
To get started, register your database:
-
Apply the necessary Identity and Access Management (IAM) permissions to register your target database.
See Permissions to register an Autonomous AI Database for more information.
-
If you are registering an Autonomous AI Database that is configured to use a private IP address, then you need to create an Oracle Data Safe private endpoint either before or during registration.
See Create an Oracle Data Safe Private Endpoint for more information.
-
Use the Oracle Data Safe Wizard to register your Autonomous AI Database instance.
See Register an Autonomous AI Database for details on the registration steps.
Use Oracle Data Safe Features
After you register Autonomous AI Database with Oracle Data Safe you can use the Data Safe features.
| Data Safe Feature | More Information |
|---|---|
| Security Assessment | Security Assessments are automatically scheduled once a week. Start by reviewing the security assessment report for your database: View the latest assessment for a target database. See Security Assessment Overview for more information. |
| User Assessment | User Assessments are automatically scheduled once a week. Start by reviewing the user assessment report for your database: View the latest user assessment for a target database See User Assessment Overview for more information. |
| Data Discovery | Start by discovering sensitive data in your database: Create Sensitive Data Models See Data Discovery Overview for more information. |
| Data Masking | To determine where sensitive data is stored in your database, run Data Discovery. After you know where sensitive data is stored in your database, you can create a masking policy: Create Masking Policies For example, after you create a masking policy you can make a copy of a production database and apply the masking policy to the non-production database: Mask Sensitive Data on a Target Database See Data Masking Overview for more information. |
| Activity Auditing | To use activity auditing, start the audit trail for your target database in Data Safe: Start an Audit Trail After the audit trail is started you can monitor and analyze your audit data with pre-defined audit reports: View a Predefined or Custom Audit Report See Activity Auditing Overview for more information. |
| SQL Firewall | SQL FirewallFoot 1 in Oracle Data Safe lets you centrally manage the SQL Firewalls and provides a comprehensive view of SQL Firewall violations across the fleet of your target databases. Data Safe lets you collect authorized SQL activities of a database user you wish to protect, monitor the progress of the collection, generate and enable the policy with allowlists of approved SQL statements and database connection paths. Start by enabling the SQL Firewall in your 26ai target database: Enable SQL Firewall On Your Target Database Next, you need to generate and enable a SQL Firewall policy with allowlists for the database user you wish to protect: Generate and Enforce SQL Firewall Policies. After you start enforcing the SQL Firewall policy, you can monitor and analyze the violations in the predefined violation reports: View and Manage Violations Reports. You can find more details on SQL Firewall at SQL Firewall Overview. |
Footnote Legend
Footnote 1: SQL Firewall is only available with Oracle AI Database 26ai.