Files
oracle-deep-data-security-lab/docs/security-model.md
Rodrigo Pace 52bf971b8b
Some checks failed
Repo Quality / structure (push) Has been cancelled
Terraform Validate / validate (push) Has been cancelled
Translate lab documentation to English
2026-05-08 14:50:52 -03:00

30 lines
1.1 KiB
Markdown

# Security Model
## Required Controls
- Database deployed through a private endpoint.
- Dedicated NSG for the database.
- mTLS required.
- Passwords, API keys, wallets, and `.tfvars` files kept out of Git.
- Demo users without administrative privileges.
- Reset SQL script for each scenario.
## Recommended Controls
- OCI Vault with customer-managed keys.
- Data Safe for assessment, discovery, masking, and activity auditing when supported.
- OCI Logging and event retention.
- SIEM integration for advanced labs.
- Database Vault to demonstrate DBA blocking for sensitive schemas.
## Optional Controls
- Compute bastion with restricted public access.
- Oracle Key Vault for hybrid or multicloud scenarios.
- AVDF for centralized auditing and Database Firewall in on-premises or Exadata environments.
## Important Notes
Oracle Deep Data Security enforces authorization at runtime. It does not replace TDE, non-production data masking, Database Vault, Data Safe, AVDF, or key governance. In a customer architecture, these controls should be combined according to risk.