Oracle Virtual Private Database ( VPD ) and Label Security Concept

Oracle Label Security,  is a powerful and easy-to-use tool for classifying data and mediating access to data based on its classification. Designed to meet public sector requirements for multi-level security and mandatory access control, Oracle Label Security provides a flexible framework that both government and commercial entities worldwide can use to manage access to data on a “need to know” basis in order to protect data privacy and achieve regulatory compliance.

Virtual Private Database (VPD), a feature of Oracle Database 11g Enterprise Edition, was introduced in Oracle8i and is one of the most popular security features in the database. VPD is used when the standard object privileges and associated database roles are insufficient to meet application security requirements. VPD policies can be simple or complex depending on your security requirements. VPD can be used in combination with the “application context” feature to enforce sophisticated row and/or column level security requirements for privacy and regulatory compliance. A simple VPD example might restrict access to data during business hours and a more complex VPD example might read an application context during a login trigger and enforce row level security against the ORDERS table.
VPD simple No matter how users connect to the protected table (via an application, a Web interface or SQL*Plus), the result is the same. There is no “application security problem” anymore, since the access policy is attached to the table, and cannot be bypassed.

Example: A customer can only see his orders in the ‘orders’ table (below), when he is listed in the ‘customers’ table (above).

Oracle Database 10g introduced new capabilities to Virtual Private Database: With “Column Relevance”, VPD can be configured such that the policy is enforced only when a critical column is selected:

VPD Column Relevance (passive)

VPD Column Relevance (active)
Example: The account manager with the account_mgr_id “149” can see all rows from the customers table, but not the credit limits. As soon as she queries the ‘credit_limit’ column, she can only see her own customers.

The most advanced configuration (“Column Hiding”) of VPD allows for the most effective combination of ease-of-use and security: She still has access to all public information in the ‘customers’ table, but confidential information remains hidden:

VPD Column Masking
Example: All ‘credit_limit’ data cells are empty except those of her own customers.

Oracle Audit Vault – Overview

Reduce the Cost of Compliance Reporting and Database Monitoring
Oracle Audit Vault, part of Oracle’s comprehensive portfolio of database security solutions, reduces the cost and complexity of compliance and the risk of insider threats by automating the collection and consolidation of audit data. It provides a secure and highly scalable audit warehouse, enabling simplified reporting, analysis, and threat detection on audit data. In addition, database audit settings are centrally managed and monitored from within Audit Vault, reducing IT security cost. With Oracle Audit Vault, organizations are in a much better position to enforce privacy policies, guard against insider threats, and address regulatory requirements such as Sarbanes-Oxley and PCI.

  • Simplify compliance reporting—Easily analyze audit data and take action in a timely fashion with out-of-the-box reports or custom reporting via the industry’s only open warehouse schema for audit information
  • Detect threats quickly—Quickly and automatically detect unauthorized activities that violate security and governance policies; thwart perpetrators from covering their tracks
  • Lower IT costs with audit policies—Centrally manage audit settings across all databases from a single console
  • Transparently collect and consolidate audit data—Collect audit data in a timely fashion across disparate systems
  • Provide a secure and scalable repository—Leverage Oracle’s industry-leading security and data warehousing technology to provide a secure and scalable audit warehouse

Oracle Database Vault – Introduction

Oracle Database Vault, part of Oracle’s comprehensive portfolio of database security solutions, helps organizations address regulatory mandates and increase the security of existing applications. Regulations such as Sarbanes-Oxley, Payment Card Industry (PCI) Data Security Standard (DSS), Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA) and similar global directives call for separation-of-duties and other preventive controls to ensure data integrity and data privacy. With Oracle Database Vault, organizations can pro-actively safeguard application data stored in the Oracle database from being accessed by privileged database users. Application data can be further protected using Oracle Database Vault’s multi-factor policies that control access based on built-in factors such as time of day, IP address, application name, and authentication method, preventing unauthorized ad-hoc access and application by-pass.

  • Pro-actively safeguard application data stored in the Oracle database—Restrict access by unauthorized database users – even privileged users – by using powerful access controls built into the Oracle database.
  • Address regulatory requirements—Implement separation-of-duty and other real-time preventive controls.
  • Restrict ad-hoc access to application data— Prevent application-bypass with multi-factor policies that are enforced in the database for high security and performance.
  • Deploy with confidence—Use certified default policies for Oracle E-Business Suite, Oracle PeopleSoft, and Oracle Siebel CRM applications.

ERP brings efficiency in globalization efforts

With the advent of BRIC nations, especially India and China, every organization view globalization as an opportunity for growth. Some of them want to tap the economical resources from these countries to reduce the cost of operations and others want to tap the growing market demand and see most of their growth coming from these nations. While the organizations might have some IT systems to depend to fuel their growth at home but they still need something to hold all their international operations together so that not only expansion but continuously monitoring and improvement actualization is also a possibility. Organizations can not focus on gaining a competitive advantage if they struggle to integrate their own international operations. Their internal operations need to be integrated first to achieving interoperability on a global scale. Seamless integration is easier to manage governance, risk and compliance. It all means that if the core ERP is capable of dealing with issues like multi currency, multi site and multi-company transfer of inventory, consolidation, localization and translation, then it is much easier for the organization to globalize their operations and benefit from them.

ERP also plays a key role in the consolidation of global financials for an organization. The ability to support a multi national implementation from a single instance of ERP and global consolidation across multi site and multi database (yes, that’s correct) implementations are the kind of benefits that enable organizations in their globalization endeavors.

ERP also addresses largely the major challenges, companies face in the wake of globalization, like complex supply chains both in raw material and finished goods, the need to adapt to the rules & laws of foreign nations, lead times that inhibit the ability to respond to customer or market demands and most importantly end to end supply chain visibility.

Having talked about the features of ERP that helps in globalization, there are few limitations in almost all the ERP products that still need to be addressed by the providers so that it can become a complete package. Issues like inability to capture the export or shipping documentation, lack of translated versions of ERP or challenges in managing global de-centralized IT installation. All these, force the organizations to customize the product or add best of breed systems to flank the core ERP system so that all of their needs are addressed.

If we look at the Best in Class organizations today, we will know that ERP is already implemented at all their major operating sites and conforms to corporate standards worldwide. Reporting capabilities are fully utilized and assist the executives in taking the right decisions at right time. They have realized the potential of ERP for them, have you?

About Author:

Puneesh Lamba is a seasoned Supply Chain Management and ERP Expert who has more than 16 years of experience in SCM, ERP and Distribution areas in multiple industries and various organizations. He has worked across the globe with his major assignments in India, Americas and Europe. He keeps on contributing in the ERP and SCM space at his site leveraging the knowledge he has gatherd over the years and likes to debate on new trends as well as strategies for growth in his areas of interest.