Copyright © 2014 Oracle and/or its affiliates. All rights reserved. Introducing Oracle Key Vault Centralized Encryption Key Management

Oracle Key Vault Overview


DESCRIPTION

Security threats and increased regulation of sensitive information have expanded the use of encryption in the data center. As the number of servers that encrypt data grows, managing server encryption keys, certificates, and other secrets has become a challenge for enterprises. Oracle Key Vault enables customers to scale deployment of encryption and other security solutions that require key management by offering robust, central management of encryption keys, Oracle Wallets, Java Keystores, and credential files. Highly optimized for Oracle Database with Oracle Advanced Security Transparent Data Encryption (TDE), Oracle Key Vault prevents loss of keys, secrets, and key storage files; mitigates forgotten passwords; and maintains consistent encryption key policies across the organization.


Page 1: Oracle Key Vault Overview


Introducing Oracle Key Vault: Centralized Encryption Key Management

Page 2: Oracle Key Vault Overview


Page 3: Oracle Key Vault Overview


Key Management Challenges Heard from Customers

Management Challenges

• Proliferation of encryption wallets and keys
• Authorized sharing of keys
• Key availability, retention, and recovery
• Custody of keys and key storage files

Regulatory Challenges

• Physical separation of keys from encrypted data
• Periodic key rotations
• Monitoring and auditing of keys
• Long-term retention of keys and encrypted data

Page 4: Oracle Key Vault Overview


Regulatory Drivers

3.5 Store cryptographic keys in a secure form (3.5.2), in the fewest possible locations (3.5.3) and with access restricted to the fewest possible custodians (3.5.1)

3.6 Verify that key-management procedures are implemented for periodic key changes (3.6.4)

And more!

PCI DSS v3.0, November 2013

Page 5: Oracle Key Vault Overview


Key Management with Oracle Key Vault

• Centrally manage and share keys, secrets, Oracle wallets, Java keystores, and more

• Optimized for Oracle stack (Database, Middleware, Systems) and Advanced Security TDE

• Robust, secure, and standards compliant (OASIS KMIP) key manager

Page 6: Oracle Key Vault Overview


Oracle Key Vault High-Level Architecture

[Figure: architecture diagram. Component labels: Databases; Servers; Middleware; Standby; Administration Console, Alerts, Reports; Secure Backups. Legend: Credential File, Oracle Wallet, Server Password, Java Keystore, Certificate.]

Page 7: Oracle Key Vault Overview


Oracle Advanced Security Transparent Data Encryption (TDE): Oracle Wallet Scenarios

• Single Instance
• GoldenGate
• Multiple DBs Same Machine
• RAC
• Data Guard

Page 8: Oracle Key Vault Overview


Oracle Advanced Security Transparent Data Encryption (TDE): Direct Connection Scenarios

• Single Instance
• Multiple DBs Same Machine
• RAC
• Data Guard
• GoldenGate

Page 9: Oracle Key Vault Overview


Enrolling and Provisioning Endpoints

1. One-time enrollment token
2. Endpoint package
3. Endpoint installation and configuration
4. Results: Endpoint certificate, binaries and configuration file
5. Grouping

Page 10: Oracle Key Vault Overview


Oracle Key Vault Software Appliance Platform

• Turnkey solution based on hardened stack
• Includes Oracle Database and security options
• Open x86-64 hardware to choose from
• Easy to install, configure, deploy, and patch
• Separation of duties for administrative users
• Full auditing, preconfigured reports, and alerts

Page 11: Oracle Key Vault Overview


All Items View with Search and Sort

Page 12: Oracle Key Vault Overview


Dashboard Summary of Operations

Page 13: Oracle Key Vault Overview


Dashboard Summary of Endpoint and User Activity

Page 14: Oracle Key Vault Overview


User Management and Separation of Duties

Page 15: Oracle Key Vault Overview


Quick Summary of Servers

Page 16: Oracle Key Vault Overview


Fine-Grained Server Details

Page 17: Oracle Key Vault Overview


Server Groups for Sharing Keys and Ease of Administration

Page 18: Oracle Key Vault Overview


Wallet Management

Page 19: Oracle Key Vault Overview


Reporting and Alerting

Page 20: Oracle Key Vault Overview


Summary of Oracle Key Vault

Modern, scalable, and robust key management

Secures, shares, and manages keys and secrets in the enterprise

Manages Oracle Wallets and Java Keystores

Optimized for Oracle Advanced Security TDE

Turnkey secure software appliance using Oracle technology

Open, based on industry standards

Engineered for the Oracle stack

Page 21: Oracle Key Vault Overview


Oracle Database Security Solutions

PREVENTIVE

• Masking & Subsetting
• Privileged User Controls
• Encryption & Redaction

DETECTIVE

• Activity Monitoring
• Database Firewall
• Auditing & Reporting

ADMINISTRATIVE

• Privilege & Data Discovery
• Configuration Management
• Key & Wallet Management

Page 22: Oracle Key Vault Overview

Questions?


Page 23: Oracle Key Vault Overview


Connect With Us

oracle.com/database/security

/OracleDatabase /OracleSecurity blogs.oracle.com/SecurityInsideOut

Oracle Database Insider /Oracle/database

blogs.oracle.com/KeyManagement

/OracleLearning

Page 24: Oracle Key Vault Overview


Page 25: Oracle Key Vault Overview