To further protect sensitive application data residing in an Oracle Database from unauthorized access by any database user, Oracle Database Vault now includes extensible policies for use with Oracle's JD Edwards EnterpriseOne. Oracle Database Vault enables JD Edwards EnterpriseOne customers to restrict access to application data by highly privileged users, enforce separation-of-duty within the Oracle Database, prevent application bypass and enforce enterprise security policies with multi-factor authorization.
"Oracle Database Vault delivers immediate value to JD Edwards EnterpriseOne customers by transparently protecting application data within the Oracle Database," states Vipin Samar, vice president of Database Security, Oracle. "Using Oracle Database Vault, organizations can better meet challenging global privacy mandates that call for limiting access to sensitive information by privileged users without costly application changes."
Specifically, the default Oracle Database Vault policies for JD Edwards EnterpriseOne will establish an Application Protection Realm to prevent privileged users from accessing sensitive information; Configuration Protection Realm to protect the application meta data against unauthorized changes; and, Command Rule to authorize the JD Edwards application connections to the Oracle Database based on IP address and client application. The default policies can be customized and further extended to take into account other factors such as time of day, day of week, authentication, and more.
In addition to increasing the security of existing applications, Oracle Database Vault helps organizations meet regulatory mandates that call for separation-of-duties and other preventive controls to ensure data integrity and data privacy. Oracle Database Vault is certified with all JD Edwards EnterpriseOne application modules and releases version 8.12 and higher, Oracle's Siebel CRM, the Oracle E-Business Suite, and Oracle's PeopleSoft Enterprise.
For more information about Oracle Data Vault, go here.