Oracle SE2 Security Challenge [Dbvisit Guest Blog]

(c)annsjokvist

A NEED TO RETHINK TOMORROW

This post was originally written for Dbvisit – a company providing added value to any Oracle Standard Edition environment.

Many people within the Oracle Community share their knowledge about the Oracle database from an Oracle Enterprise Edition database perspective, and therefore the advice might not be suitable for an Oracle Standard Edition 2 database due to license restrictions.

Back in 2014, my idea was not only to increase the awareness of the Oracle Standard Edition database pitfalls but also highlight its potential and opportunities by blogging and speaking at conferences about it.

I assume most of the people within the Oracle Community already know that the luxury of using features like AWR, ASH, compression, partitioning and advanced security is out of reach for an Oracle Standard Edition 2 database customer and DBA in 2018.

Back in 2014 it was easy to advocate for the Oracle Standard Edition database, since it had the same solid core technique as Oracle Enterprise Edition and was only lacking some neat features and options that most ISVs had not implemented in their applications anyhow. The missing features/options like the diagnostic and tuning packs had no noticeable impact for an application user. It was more of a DBA kind of issue or problem. But….

GDPR CHALLENGES

The big buzzword in Europe is the “GDPR”, which is the General Data Protection Regulation. Everybody working in ICT is searching for a technical solution that supports a company’s daily business struggles to become GDPR compliant, and the lack of advanced security features is starting to give Oracle Standard Edition 2 database customers in 2018 a bad headache.

Oracle provides a nice battery of technical solutions to tackle the new GDPR challenges. The following Oracle GDPR papers might give you an idea of the range of technical solutions for good compliance at the Oracle database level:

  • Accelerate Your Response to the EU General Data Protection Regulation
  • Accelerate Your Response to the EU General Data Protection Regulation with Oracle Cloud Applications
  • Helping Address GDPR Compliance Using Oracle Security Solutions

I agree with Oracle on this one:

“GDPR is technology-neutral and does not mandate organizations to implement specific security controls, technologies or methodologies. However, Article 32 does provide guidance on certain security measures that organizations may consider implementing to help secure the data….”

Since GDPR is more a technology-neutral thing than an edition-specific thing, I was expecting specific advice for all the other database editions as well. Undoubtedly the fact that Oracle provides technical solutions from an Oracle Enterprise Edition database perspective is a big challenge for many Oracle Standard Edition 2 database users today, and when asking Oracle about this challenge, the answer is of course “join our cloud”.

Cloud is for sure a nice thing, but for many reasons a move to the cloud is not an option for some companies. What options are then available for such a customer? Move to another database vendor, who will provide free or very low-cost security options? Sure, why not, but for sure such a solution will also require some new investments. So far, I haven’t heard of many business applications built in such a way that you can switch the database without any application modifications.

AVDF ON ORACLE STANDARD EDITION

At OOW17, I talked to people at the Oracle Security stand, who told me that the Oracle “Audit Vault & Database Firewall” product is now available for Oracle Standard Edition 2 databases as well. This is great, because I saw an opportunity for Oracle Standard Edition 2 database customers today to build a solution that would ease their “GDPR headache”. Please note that Oracle also has a solution called “Audit Vault”, which is a completely different product.

If you are not familiar with what these two products can achieve, here are a couple of links to SANS Institute articles about Oracle AVDF and Oracle AV.

Short summary on AVDF:

“At a High-Level Oracle Audit Vault and Database Firewall (AVDF) provides organizations with three key database security requirements: audit collection, SQL traffic monitoring and security event reporting. With an easy-to-use interface, AVDF is for organizations looking to increase security with enterprise wide database activity monitoring, auditing and reporting.”

To my understanding, at a minimum GDPR compliance requires that a company has a good picture and a broad understanding of their data, its sensitivity, who is using the data and for what purpose, so that if a breach occurs, they can inform the authorities.

MONITOR, BLOCK AND AUDIT

Naturally I had to test AVDF 12.2.0.7 together with an Oracle Standard Edition 2 database to get some insight. The amount of audit trail with only a standard audit option is of course a challenge in itself. I tested an approach of combining standard audit with the FDA-solution and some triggers.

The “SE2+AVDF” solution I tested is not as elegant as the ones available out-of-the-box for an Oracle Enterprise Edition database, but it gave me some new ideas on how this solution might be refined and therefore could be helpful. But no doubt the option of buying security options for an Oracle Standard Edition 2 database would be a relief.

Since Oracle Standard Edition 2 database customers are facing a challenge now, I have also checked for alternative solutions. There are many other candidates available on the market and it’s obvious they will be explored.

RETHINK TOMORROW

At OOW17, Larry Ellison announced that Oracle will make security their business. They intend to do everything in their power to make their databases more secure.

“So first, we [the business world] have gotta provide security without slowing down our other tasks, and we HAVE TO ELEVATE the priority of security in our data centers—because NO ONE wants to be on the front page about having lost their company’s data,” Ellison said at OOW17.

Sounds good and promising.

The fact that the Oracle Standard Edition 2 database doesn’t include advanced security or fine-grained auditing options is well-known, and probably one of the most significant challenges in the era of GDPR.

Both Oracle’s announcement at OOW17 about making security their business and this statement from one of the above presentations make me believe in the Oracle Standard Edition 2 opportunities:

“GDPR is technology-neutral and does not mandate organizations to implement specific security controls, technologies or methodologies.”

As an optimistic and positive person, the statements make me believe in the power of “rethink tomorrow”.

Security is everybody’s concern, and should IMHO not be a matter of money. It should be a default “de facto” in every database like “Sun & Moon”, “Bonnie & Clyde” or “Cruffin & Coffee”.

Take care, stay well and let’s see what the future of tomorrow looks like.

Ann

Helsinki 20 Feb 2018

SE2 released TODAY 1st Sept 2015

(c) Ann sjökvist

Today is a great day for Oracle Standard Edition Community!

The “Oracle Database Standard Edition 2 (=SE2)” has been released, and can now be downloaded

What’s new with SE2?

  1. The concepts “Standard Edition (=SE)” and “Standard Edition One (=SE1)” are gone, and the new name is “Oracle Database Standard Edition 2 (=SE2) edition”
  2. Oracle Database Standard Edition (=SE) Licensed Customers can download the new SE2 without any extra costs
  3. Standard Edition One (=SE1) Licensed Customers can download the new SE2 with an extra migration fee. Yes, that’s right. Without the extra migration cost, these customers are not allowed to migrate to the SE2.
  4. The Oracle Database Standard Edition Two (=SE2) will have a restriction of max 2 sockets, and max 16 threads/database. And if hyper-threading is in use, there is a max of 8 threads/database.
  5. The RAC feature will be available in the new SE2 release. Please keep in mind the max 2 socket and max 16 cores (hyper-threading = max 2 sockets & max 8 cores) rule.

See oracle.com for more information.

  • http://www.oracle.com/us/corporate/pricing/databaselicensing-070584.pdf
  • http://www.oracle.com/us/corporate/pricing/sig-070616.pdf

How long will Oracle Database 12.1.0.1 in any edition remain under Premier Support?

Full patching support for 12.1.0.1 for all versions of 12gR1 (Enterprise Edition, Standard Edition and Standard One Edition) will be provided for an additional 12 months from the release of 12.1.0.2 SE2, so through until end August 2016.

After that period Oracle Database 12.1.0.1 will enter Sustaining Support. There won’t be any Extended Support for Oracle Database 12.1.0.1 in any edition.

Will there be an Oracle Database Standard Edition 12.1.0.2 SE/SE1?

Beginning with the release of Oracle Database 12.1.0.2, Oracle Database Standard Edition (SE) and Oracle Database Standard Edition One (SE1) are no longer being released. 12.1.0.1 was the final edition that we will produce for SE and SE1.

MOS Note: 742060.1 Release Schedule of Current Database Releases does reflect this extension already: Release: 12.1.0.1 Patching Ends: 31st of August 2016

I suspect lots of tweets on this subject, so I hope you all will remember to use the #orclse or #orclse2 tag.

Take care, stay well, and enjoy a life with the new SE2!

-Ann

Turku 1st September 2015

Recommended by DBvisit

DBvisit recommended reading

Have you heard about the company DBvisit?

Have you heard about the opportunities their DBvisit Standby can bring to Your Oracle Standard Edition Database environment?

If not, I suggest you take a look at this.


DBvisit had a webinar, and at the end of the session, this slide about Recommended Reading was introduced.

Thanks DBvisit for this shoutout.

There is also a new Oracle Standard Edition blog by Laurent Leturgez (http://oracle-standard-edition.com/).

Take care, stay well and let’s enjoy the opportunities the Oracle Standard Edition can and will bring your business.


-Ann

Turku 7.4.2015