No reasons not to use Oracle Data Safe

Luc Demanche
4 min read · May 14, 2024


For almost every organization, “data” is one of the most important assets. Government regulations are becoming more stringent, for very good reasons, so organizations are looking for a solution to improve their security posture by protecting their data.

The Oracle Cloud service called Data Safe is designed to protect your data (Autonomous Database, Oracle Base Database, on-premises, etc.). It evaluates risks, monitors user activity, monitors security controls and more, all within a unified console that is fully integrated with Oracle Cloud.

Sometimes the cost of such a service might be a concern, but Oracle Data Safe is part of the Oracle Cloud Free Tier, which allows you to use this service for up to 1,000,000 audit records per target per month. If you collect more than this limit, there is a $0.10 charge for every 10,000 records.

Data security is crucial. Given what I have mentioned above, the Data Safe features we will explore, and the fact that it is a cheap (not to say free) service, there is really no reason not to secure your data.

Configure your Oracle Cloud Database

In this example, we will use an existing Oracle Base Database. Oracle's documentation clearly explains the process for registering your Oracle Cloud Database. Oracle recommends creating a dedicated Oracle database user for Data Safe; in this example the user is created in the pluggable database. Once the user is created, a script is available to grant the required roles, depending on the Data Safe features you would like to use. Using “ALL” will grant all the roles to the database user:

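-- Dedicated Data Safe service account, created in the pluggable database.
-- Replace "password" with a strong, unique value.
CREATE USER DATASAFE_ADMIN IDENTIFIED BY "password"
DEFAULT TABLESPACE "USERS"
TEMPORARY TABLESPACE "TEMP";
GRANT CONNECT, RESOURCE TO DATASAFE_ADMIN;

-- Grant the Data Safe roles; ALL enables every feature.
@datasafe_privileges.sql DATASAFE_ADMIN GRANT ALL -VERBOSE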
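
To scope the account to the features actually in use and to confirm what it ended up with, here is an added example; it is not part of the original post or of Oracle's script. The feature names ASSESSMENT and AUDIT_COLLECTION and the REVOKE mode are assumptions about the script's accepted arguments, so check the usage text in the copy you downloaded. It assumes you run it in the pluggable database as a user that can read the DBA_* views.

```sql
-- Added example: feature-scoped grants instead of ALL, then verification.
-- Run in the pluggable database (SQL*Plus or SQLcl) as a privileged user.

-- 1. Grant only what the planned features need (assumed feature names).
@datasafe_privileges.sql DATASAFE_ADMIN GRANT ASSESSMENT -VERBOSE
@datasafe_privileges.sql DATASAFE_ADMIN GRANT AUDIT_COLLECTION -VERBOSE

-- 2. Account state: confirm status, profile and tablespaces.
SELECT username, account_status, profile,
       default_tablespace, temporary_tablespace
  FROM dba_users
 WHERE username = 'DATASAFE_ADMIN';

-- 3. Roles held by the account; none should carry ADMIN OPTION.
SELECT granted_role, admin_option, default_role
  FROM dba_role_privs
 WHERE grantee = 'DATASAFE_ADMIN'
 ORDER BY granted_role;

-- 4. Direct system privileges; review anything granted WITH ADMIN OPTION.
SELECT privilege, admin_option
  FROM dba_sys_privs
 WHERE grantee = 'DATASAFE_ADMIN'
 ORDER BY privilege;

-- 5. Direct object grants; GRANTABLE = 'YES' lets the account pass them on.
SELECT owner, table_name, privilege, grantable
  FROM dba_tab_privs
 WHERE grantee = 'DATASAFE_ADMIN'
 ORDER BY owner, table_name, privilege;

-- 6. Withdraw a feature that is no longer used (assumed REVOKE mode).
@datasafe_privileges.sql DATASAFE_ADMIN REVOKE AUDIT_COLLECTION -VERBOSE
```

Saving the output of queries 3 to 5 right after registration gives a baseline to compare against when the account is reviewed later.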

Register the Oracle Cloud Database in Data Safe

Now that we have the dedicated Oracle database user with the right privileges, we are ready to use the OCI Console to register the pluggable database in Data Safe.

1. Log in to the Data Safe homepage and click on “Register Database”

I’m logging in with a user that is part of the “OCI_Administrators” group.

Registering Database

2. Provide target database information

You will need to provide information such as the “Database type”, the compartment where the database resides, a name and a description, and confirm whether the IP address of the database is private or public.

Target Database information

3. Data Safe Private Endpoint

If the database has a private IP address, a Data Safe Private Endpoint is required to connect Data Safe to your DB System. This link will explain how to create the private endpoint.

You will have to create rules in your Security List, or use a Network Security Group (NSG), to allow communication between your target database and Data Safe.

This link explains the Private Endpoint creation process.

4. Provide target connection details

As the database has a private IP address, we have to select the Data Safe Private Endpoint and provide the database service name, the port, and the credentials of the Data Safe user we previously created.

Data Safe connection to the target database

5. End of the registering process

The registration process takes a few seconds, and here is the status once the pluggable database is registered.

End of the registering process

Once the registration process is completed, Data Safe performs the first “Security assessment” and “User assessment”. By default, the assessment processes are scheduled once a week.

Dashboard and next articles …

You can now explore the Data Safe Dashboard. In the next articles, we will explore the dashboard and go deeper into two of the Data Safe features: “Security assessment” and “User assessment”.

Data Safe Dashboard
