Oracle Key Vault Overview
Copyright © 2014 Oracle and/or its affiliates. All rights reserved.
Introducing Oracle Key Vault
Centralized Encryption Key Management
Key Management Challenges Heard from Customers
Management Challenges
• Proliferation of encryption wallets and keys
• Authorized sharing of keys
• Key availability, retention, and recovery
• Custody of keys and key storage files
Regulatory Challenges
• Physical separation of keys from encrypted data
• Periodic key rotations
• Monitoring and auditing of keys
• Long-term retention of keys and encrypted data
Regulatory Drivers
3.5 Store cryptographic keys in a secure form (3.5.2), in the fewest possible locations (3.5.3) and with access restricted to the fewest possible custodians (3.5.1)
3.6 Verify that key-management procedures are implemented for periodic key changes (3.6.4)
And more!
PCI DSS v3.0, November 2013
Key Management with Oracle Key Vault
• Centrally manage and share keys, secrets, Oracle wallets, Java keystores, and more
• Optimized for Oracle stack (Database, Middleware, Systems) and Advanced Security TDE
• Robust, secure, and standards compliant (OASIS KMIP) key manager
Oracle Key Vault High-Level Architecture
[Figure: architecture diagram. Labels: Standby; Administration Console, Alerts, Reports; Secure Backups; Databases; Servers; Middleware. Legend: Credential File, Oracle Wallet, Server Password, Java Keystore, Certificate.]
Oracle Advanced Security Transparent Data Encryption (TDE): Oracle Wallet Scenarios
• Single Instance
• GoldenGate
• Multiple DBs Same Machine
• RAC
• Data Guard
Oracle Advanced Security Transparent Data Encryption (TDE): Direct Connection Scenarios
• Single Instance
• Multiple DBs Same Machine
• RAC
• Data Guard
• GoldenGate
Enrolling and Provisioning Endpoints
1. One-time enrollment token
2. Endpoint package
3. Endpoint installation and configuration
4. Results: Endpoint certificate, binaries and configuration file
5. Grouping
Oracle Key Vault Software Appliance Platform
• Turnkey solution based on hardened stack
• Includes Oracle Database and security options
• Open x86-64 hardware to choose from
• Easy to install, configure, deploy, and patch
• Separation of duties for administrative users
• Full auditing, preconfigured reports, and alerts
All Items View with Search and Sort
Dashboard Summary of Operations
Dashboard Summary of Endpoint and User Activity
User Management and Separation of Duties
Quick Summary of Servers
Fine-Grained Server Details
Server Groups for Sharing Keys and Ease of Administration
Wallet Management
Reporting and Alerting
Summary of Oracle Key Vault
Modern, scalable, and robust key management
Secures, shares, and manages keys and secrets in the enterprise
Manages Oracle Wallets and Java Keystores
Optimized for Oracle Advanced Security TDE
Turnkey secure software appliance using Oracle technology
Open, based on industry standards
Engineered for the Oracle stack
Oracle Database Security Solutions
PREVENTIVE
• Masking & Subsetting
• Privileged User Controls
• Encryption & Redaction
DETECTIVE
• Activity Monitoring
• Database Firewall
• Auditing & Reporting
ADMINISTRATIVE
• Privilege & Data Discovery
• Configuration Management
• Key & Wallet Management
Questions?
Connect With Us
• oracle.com/database/security
• /OracleDatabase
• /OracleSecurity
• blogs.oracle.com/SecurityInsideOut
• Oracle Database Insider
• /Oracle/database
• blogs.oracle.com/KeyManagement
• /OracleLearning