NASHVILLE – Oracle unveiled two new database security technologies at the Collaborate '06 conference this week. The company says that Oracle Database Vault and Oracle Secure Backup are designed to thwart internal threats and automate and encrypt disk-to-tape backups. SearchOracle.com sat down with Mark Townsend, Oracle's senior director of database product management, to find out more about what these technologies do and how much they...
What made Oracle decide to create Database Vault?
Mark Townsend: We're seeing a lot of interest from our customers around security and compliance and what they need to do to be compliant with Sarbox requirements. It's also things like HIPAA and individual countries have equivalencies. So we're seeing more and more people wanting to drive into a compliant environment for regulatory reasons. A big part of that is actually ensuring privacy of the data and a part of that is making sure you eliminate the threat of insider access to data.
Are you saying that Database Vault is designed to protect against malicious company insiders?
Townsend: I guess it [does cover malicious company insiders] but we don't really attribute a lot of maliciousness to [insiders]. But if a DBA knows what your company's [financial] results are before you announce them, that's not a good place to be.
What exactly does Database Vault do?
Townsend: Database Vault is security technology that you can add to the database that allows you to come in and create what we call security realms. Security realms are basically a way of sandboxing off a database or parts of the database so that you can specifically control who has access. You can come in and say [that these particular] DBAs can come in and back up the database, but they can't actually see the data that is stored within this database. You can also do other things such as associate rules. You can say that end users have access to this data during these hours of the days from machines with these IP addresses. But if one of those end users tries to access this data outside of their working hours or from a different machine or maybe from a machine at home, then the Database Vault technology will actually step in and stop them from accessing. So it allows us to do that separation of duty, it allows us to build in the application rules, and the useful thing about it is that it is completely transparent to existing applications.
On which platforms can DBAs run Database Vault?
Townsend: It's going to be available on Linux within the next 30 days and it will follow on the other platforms in the first half of the fiscal year 2007. It will actually come out as an option to Oracle Database 10g release 2. It will be on the same version release train as the database going forward.
How much does Database Vault cost and what other requirements do users need to know about?
Townsend: The pricing is being set at $20,000 per [central processing unit]. The basic requirement is that you have to be on 10g release 2. There is an update to 10g release 2 that will ship in a little while that will include the Database Vault option.
What is Oracle Secure Backup?
Townsend: In Oracle Database 10g release 1, we automated disk-to-disk backup. In 10g release 2, we made that disk-to-disk backup highly secure, [and now] we're announcing Oracle Secure Backup. Out of the box Oracle Secure Backup provides disk to tape backup. It's fully integrated with the database. You use it with your existing backup tools that Oracle provides. It's available on Linux, Unix and Windows, and it talks to over 200 different tape devices and media management systems. Just in the same way as you can automate disk-to-disk, you can also automate disk-to-tape now too.
How do IT pros usually handle disk-to-tape backup?
Townsend: People are doing this already and often they'll use third party products [from Veritas, Legato and others]. We continue to work with those third party customers.
We've discussed the "Backup" portion of the new software. What about the "Secure" part?
Townsend: The secure part of that is that we also encrypt those tapes as they are created as well too. The reason that we're doing this is that typically people want to send these tapes offsite for escrow purposes or whatever. If somebody loses them or leaves them on a train, if people capture that tape they can't possibly restore it to a database of their own.
Industry analysts have said that Advanced Technology Attachment (ATA) drives are making a comeback. Do you see this happening in the marketplace?
Townsend: ATAs are definitely making a comeback. ATA drives are a fantastic target for disk backup because they are low cost. We're also seeing a lot of ATA storage starting to come into online databases because more people are keeping data around then taking it offline and archiving it in a separate environment.
How much does Oracle Secure Backup cost?
Townsend: The pricing is a little bit interesting. For customers with a single database doing a single backup, the product is actually free. When you start stepping up into the enterprise class, where you have multiple databases maybe backed up to multiple tape drives across the network, then we're charging $3,000 per tape drive.