Manage Learn to apply best practices and optimize your operations.

Tips for auditing and securing database backups in Oracle

Auditing and securing database backups are two of the most overlooked aspects of database security. Learn more about them in this expert tip.

What are the most overlooked aspects of database security?
Two important facets of Oracle database security (or security for a database from any other vendor) that often get less attention than others, are definitely auditing and securing database backups.

No matter how hardened a system may be, there is always a way in. Most organizations spend the bulk of their time making it very difficult for an external attacker to gain access to their systems and data. While this is effort well-spent, we must assume that someone, someday, will be clever enough to break into our enterprise. It is after the intrusion that auditing is key to assessing and mitigating the compromise. A well-planned implementation of Oracle's native auditing capabilities can help us answer these questions:

  • What was compromised?
  • What was changed?
  • Where did the attack come from?
  • Can we rely on our current data?

Having this data available after an attack is critical to getting your data stores back to a state where you can trust the integrity of your system. Similarly, ensuring your backups are secure will help you address another aspect of information assurance: confidentiality.

Anyone can easily rebuild your database from your backups. Given that a great many companies choose to utilize a third-party backup storage company to house their backups, securing your database backups becomes crucial! There have been at least three major news stories last year regarding lost or stolen tapes -- even at the sites of high-end backup storage providers. Ensure that your backups are encrypted before they leave your organization's profession.

Many tape drives now offer encryption built into their hardware, and Oracle has been offering support for encrypted backups since 10gR2. In Oracle 11g, DataPump exports can also be natively encrypted (Note: DataPump's purpose is for moving data, not disaster recovery, but it can be handy to logically capture subsets of your data in certain circumstances). There are also many other third-party offerings for protecting your data. No matter which product you consider, allowing your backups to leave your organization without appropriate protection is an incredible risk.

Dig Deeper on Oracle database security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.