Building on its 25-year track record of securing customers' data, Oracle today introduced Oracle® Database Vault, the industry's most advanced security product to protect and limit access to sensitive data and applications. Oracle Database Vault enforces preventive controls to help meet compliance requirements by restricting powerful users, such as database administrators (DBAs), from unauthorized access to specific information.

The increasing need to mitigate insider security threats coupled with the growing number of regulatory and privacy mandates such as the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act (HIPAA), Japan's Personal Information Protection Act and the European Union Privacy and Electronic Communications Directive, have made protecting data against unauthorized access a top priority. Oracle Database Vault is designed to help customers secure sensitive information from internal threats and to implement separation-of-duty mandates that require more than one person to complete a sensitive task. The product's flexible security controls also enable customers to implement incremental restrictions on data access even for regular users. The controls maintain high database performance without requiring changes to existing applications or administrators' routine responsibilities.

"It's critical that customers take measures to protect private and confidential information that resides in enterprise databases. Current threat levels are high, regulatory compliance is mandated in many countries, and the consequences of a significant data breach can result in substantial economic loss and damage to reputation," said Phil Schacter, vice president and group service director, Burton Group. "Better tools to implement strict access controls and enforce privacy policies will help customers avoid the embarrassment and other consequences of a compromised database."

The product's security mechanisms are based on realms and rules that further control the scope of an authorized user's access. Realms are established to encapsulate an existing application or a set of database objects inside a protection zone while rules further restrict operations based upon business specific operational requirements using environmental or domain-specific decision factors such as database, machine, IP addresses, time-of-day and authentication modes. For example, an organization can prevent an administrator from making changes to the database while outside of the corporate intranet and after normal working hours. Rules can also be applied to all SQL commands. Oracle Database Vault features a variety of detailed security reports that can be used by administrators to help satisfy auditors when undertaking compliance audits.

"Oracle is the only company poised to deliver database security technology that customers can use to prevent unauthorized administrator access to sensitive information," said Andy Mendelsohn, senior vice president of Oracle Database Server Technologies. "With Oracle Database Vault, organizations can easily increase the security level of an existing application without changing the application and still maintain high levels of performance. This improves security throughout the enterprise and helps reduce risks posed by insider threats."