Because of how valuable your data is, protecting it against theft and unauthorized use is perhaps your biggest challenge. Databases need more security than the bare minimum.   In this episode, Lois Houston and Nikita Abraham, along with Greg Genovese, talk about how Oracle’s data-driven security features work together to create a maximum security architecture.   Oracle MyLearn: https://mylearn.oracle.com/ Oracle University Learning Community: https://education.oracle.com/ou-community LinkedIn: https://www.linkedin.com/showcase/oracle-university/ Twitter: https://twitter.com/Oracle_Edu   Special thanks to Arijit Ghosh, David Wright, Ranbir Singh, and the OU Studio Team for helping us create this episode.   ---------------------------------------------------------   Episode Transcript:   00;00;00;00 - 00;00;38;18 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started. Hello and welcome to the Oracle University Podcast. I'm Lois Houston, Director of Product Innovation and Go to Market Programs with Oracle University, and with me is Nikita Abraham, Principal Technical Editor.   00;00;38;20 - 00;01;01;20 Hello again! In today's episode, we're going to talk with Oracle Database Specialist Greg Genovese about Oracle's Maximum Security Architecture. Hi, Greg. Thanks for joining us today. We have so much sensitive information in our databases so I get why a data thief would try to attack and steal data. But how do they actually do it? Databases don't just operate in a vacuum.   00;01;01;23 - 00;01;26;01 A database is accessed often through a firewall by users and applications. Speaking of those firewalls, if an attacker has managed to penetrate into the internal network, they may choose to go after data traveling over that network. This type of attack is much less likely to be detected than attempts to access the database directly. Another popular attack is against the underlying data files, database backups, or database exports.   00;01;26;04 - 00;01;49;19 Here again, if the attacker is successful, they may be able to steal the entire database without even having to try to log in. Oh my goodness! That sounds terrible. If none of those options work, perhaps the database has an unpatched vulnerability. In many cases, there are automated attack toolkits that help exploit these vulnerabilities.   00;01;49;21 - 00;02;18;29 And let's not forget those non-production copies of the database. What's a non-production copy of a database? In many systems, the test and development instances are effectively just clones of production and are hardly ever monitored as closely as production databases. In most cases, there are copies of database for test, development, stage, and user acceptance testing or UAT. Databases persist data into a storage medium and run on servers with operating systems and peripherals.   00;02;19;02 - 00;02;49;16 All of these are managed by administrators. And administrators are a hacker's favorite point of attack. If they can compromise an admin account, they are in with elevated privileges and in most cases zero controls over what they can do. If the attackers can't compromise an admin account, they can often compromise an end user account. Lower privileges, but often still with access to the data or able to be used as a stepping stone to get that access.   00;02;49;19 - 00;03;20;20 Also, applications make an attractive target too. They are frequently more exposed than a database or database server and often even available from outside of the corporate firewall. That's a lot, Greg. There are just so many points of attack. So then how do I keep my database safe? Securing an Oracle Database is much like securing any other system. You are protecting your data, which could be intellectual property, financial data, personal data about your customers or your staff, o