Files
oracle-deep-data-security-lab/docs/security-model.md
Rodrigo db3d68af10
Some checks failed
Repo Quality / structure (push) Has been cancelled
Terraform Validate / validate (push) Has been cancelled
Improve Deep Data Security lab scenarios
2026-05-13 16:13:04 -03:00

1.1 KiB
Executable File

Security Model

Required Controls

  • Database deployed through a private endpoint.
  • Dedicated NSG for the database.
  • mTLS required.
  • Passwords, API keys, wallets, and .tfvars files kept out of Git.
  • Demo users without administrative privileges.
  • Reset SQL script for each scenario.
  • OCI Vault with customer-managed keys.
  • Data Safe for assessment, discovery, masking, and activity auditing when supported.
  • OCI Logging and event retention.
  • SIEM integration for advanced labs.
  • Database Vault to demonstrate DBA blocking for sensitive schemas.

Optional Controls

  • Compute bastion with restricted public access.
  • Oracle Key Vault for hybrid or multicloud scenarios.
  • AVDF for centralized auditing and Database Firewall in on-premises or Exadata environments.

Important Notes

Oracle Deep Data Security enforces authorization at runtime. It does not replace TDE, non-production data masking, Database Vault, Data Safe, AVDF, or key governance. In a customer architecture, these controls should be combined according to risk.