I would like to know if there is a way to hide sensitive information (assume data that could be used for insider trading, for instance) from DBAs in an Oracle 10g environment. Is Oracle Database Vault the right tool for the job, or is there something else I should be looking at?
A:
I am not really sure if you can really prevent an DBA from seeing the data of the database. If you want to be sure that they are not able to understand the data that is stored in the database, try encrypting them. If you are just concerned about being compliant with the rules and regulattions (like HIPAA and Sarbanes-Oxley) than go with Oracle (Database Vault seems the way to go) and ask an Oracle Consultant how to set the various switches to be compliant.
Google returned following pdf as one of the top results for Oracle Database Vault. It is a good document to start thinking about security.
Peter Schuetze
2010-01-20 13:46:11
My local Oracle office has been pushing Database Vault and often has .5 day workshops for managers and 1 day workshops for technical folks. The technical sessions have a lab where Database Vault is set up from scratch. If anyone has a local sales or technical office I would recommend asking their Sales Rep about it.
David Mann
2010-01-20 14:58:51
+1
A:
DB Vault will provide you with the functionality you are looking for, but you will still need someone (or group) who can act as an ultimate administrator. They will need to be very mildly technical, but certainly not a full-fledged Oracle DBA. I would also strongly recommend you use a consultant who specializes in security to design your implementation. A poor implementation can lead to a system as insecure as before DB Vault, or so complex that change or work comes to a halt.
You'll also want to make sure you use Tablespace Encryption, and I would suggest encrypting your backups as well (Oracle Secure Backup/OSB provides this functionality at the individual DB level as part of the software).
Mike S
2010-01-20 15:02:27