Oracle Autonomous AI Database includes standardized, hardened security configurations that simplify management and lower operational costs across databases. It automatically applies security patches and updates and enforces encryption for data at rest and in transit, helping protect databases and data from costly and potentially severe vulnerabilities and breaches.

Autonomous AI Database reflects years of security development and supports the standard security features of the Oracle AI Database including network encryption, privilege analysis, Multifactor Authentication (MFA), centrally managed users, secure applications roles, robust auditing, transparent sensitive data protection, and others. Additionally, Autonomous AI Database adds Database Vault, Data Safe, Label Security, and other advanced security features at no additional cost for all workloads.

The following highlights a selection of these robust security capabilities:

• Autonomous AI Database meets a broad set of international and industry-specific compliance standards, and as part of Oracle Cloud Infrastructure Autonomous AI Database has achieved attestations for the common compliance frameworks providing an independent assessment of the service's security, privacy, and compliance controls.

  See Regulatory Compliance Certification for more information.

• Autonomous AI Database applies security patches automatically as soon as they become available. The automated patching process maintains a strong security posture without downtime and is one of the most direct ways to reduce risk.

  See Configuration Management for more information.

• Autonomous AI Database provides end-to-end encryption out of the box for the database, backups, and all network communication. All your data, including backups, are encrypted with AES256. You can use Oracle-managed or customer-managed keys to encrypt your data.

  See Manage Encryption Keys on Autonomous AI Database for more information.

• Autonomous AI Database is automatically configured to use industry-standard Transport Layer Security (TLS) to encrypt data in transit between the database service and clients or applications. You can use mutual TLS or one-way TLS connections.

  See Secure Connections to Autonomous AI Database with mTLS or with TLS.

• Autonomous AI Database provides several options to control client access to your database. You can use public endpoints with access control lists to specify which clients can connect. You can also use private endpoints to place the database in your VCN and use security lists and network security groups to control access to the database.

  See Client Access Control for more information.

• Autonomous AI Database provides automatic backups to ensure data reliability and recoverability. All backups taken and managed by Oracle are immutable that cannot be tampered with by the users in your tenancy.

  See About Backup and Recovery on Autonomous AI Database for more information.

• Autonomous AI Database provides several user authentication methods. You can use local database user names and passwords with optional Multifactor Authentication (MFA), which requires an additional verification step, or external authentication methods, including:

  • Oracle Cloud Infrastructure Identity and Access Management

  • Microsoft Active Directory

  • Azure Active Directory

  • Kerberos

  See Use Multifactor Authentication with Autonomous AI Database and Manage Users for more information.

• Separation of duties is automated since the direct access to the database node and local file systems has been removed. Additional separation is provided through Oracle Database Vault. These unique security controls restrict access to application data reducing the risk of insider and outsider threats. Oracle Database Vault can be configured to control access to specific schemas from privileged database users such as the ADMIN user.

  See Use Oracle Database Vault with Autonomous AI Database for more information.

• Autonomous AI Database provides robust auditing capabilities that enable you to track who did what on the service and on specific databases. There are policies preconfigured that monitor privileged user activity and logon failures. You can configure additional database auditing to audit all actions, such as access to specific objects, schema changes, logons by specific users, and much more.

  See Auditing Overview on Autonomous AI Database for more information.

• Data Safe monitors and assesses the secure configuration of the Autonomous AI Database. Data Safe helps evaluate data risks, discovers sensitive data, implement and monitor security controls, assesses user security and addresses data security compliance requirements and configuration drift.

  See Use Oracle Data Safe with Autonomous AI Database for more information.

• SQL Firewall is available with Autonomous AI Database to protect against risks like SQL injection attacks and compromised accounts. SQL Firewall is managed for your database with Data Safe and built into the Oracle AI Database 26ai kernel, where it inspects all incoming database connections and SQL statements.

  See About SQL Firewall for more information.

• Oracle Cloud Operators do not have authorization to access your data or any other information in your database schemas. When access to your database schemas is required to troubleshoot or mitigate an issue, you can allow a cloud operator to access your Autonomous AI Database schemas for a limited time.

  See Manage Oracle Cloud Operator Access for more information.

• Autonomous AI Database is governed by the Oracle Cloud Hosting and Delivery Policies which explain the Oracle Cloud Security Policy. See the Delivery Policies area on Oracle Contracts for more information.

• Autonomous AI Database is subject to the Oracle Cloud Security Testing policy, which describes when and how you may conduct certain types of security testing of Oracle Cloud Infrastructure services, including vulnerability and penetration tests and tests involving data scraping tools.

  See Security Testing Policies on Autonomous AI Database for more information.

See Security and Authentication in Oracle Autonomous AI Database for more information.