Data security for PDPA

Based on todays criminal cases in data threads, in Thailand, PDPA is announced in order encourage personal data protection. Therefore, “Database Security Solution” is now highlightened as a priority task in database management for applying organization’s policy to PDPA. Capabilities of Database therefore play an important role in the system. We bring Data Security Solution to take part in data protection and ensuring security of database system, in accordance with the PDPA with the ability of the Oracle Database technology that we confidently employ to deliver the best solution to our customers, the solution can be divided regarding platform as follows

Securing an Oracle Database is much like securing any other system. You are protecting your data that could be intellectual property, financial data, personal data about your customers or staff, or (more likely) a combination of all three.  Because data is valuable, you need to guard against theft and misuse.
This data is used for business purposes and that means users and applications connect to the database, and you need to safeguard that data with security controls that restrict access to the data according to your policy.
To do this you’ll need to do three things:

  • assess the system to determine it’s current state and develop a remediation plan.  Is the system configured properly?  Patches applied regularly?  How are user privileges managed – are you enforcing least privilege? What types and how much of sensitive data is the system holding?  Your existing investment in the Oracle Database gives you the features and utilities you need to assess your database and identify areas for improvement and risk reduction
  • detect attempts to access data outside of policy, and identify anomalies in data access – almost all database activity is repetitive, so anomalies are frequently a leading edge indicator of attempted data theft.
  • prevent access to data that doesn’t go through the database control mechanisms – sniffing traffic over the network, reading the underlying data storage layer, or misuse of database exports and backups. Block inappropriate access to data through control mechanisms that consider the context of the access – not just the identity of the account accessing the data.

Oracle provides industry-leading capabilities for each of these security control objectives.  Our team can help you identify the right technical enforcement for virtually any control objective.


Benefit

  • Support Regulatory Compliance
    • Personal Data Protection Act (PDPA)
    • Sarbanes-Oxley (SOX), J-SOX, GLBA
    • Payment Card Industry (PCI)
    • HIPAA, EU Privacy Directives
    • California Breach Disclosure Act
    • COSO, COBIT
    • Separation of duty, Proof of compliance, Risk Assessment and Monitoring
  • Prevent Insider/External Threats
    • Large percentage of threats go undetected
    • Outsourcing and off-shoring trend
    • Customers want to monitor insider/DBA


Component Product Solution:
Oracle Database Security Assessment Tool
Oracle Advanced Security
Oracle Database Vault
Oracle Audit Vault and Database Firewall
Oracle Data Masking and Subsetting
Oracle Key Vault Oracle Label Security