Next-generation security for your most valuable asset

Your business is under constant threat from all sorts of dangers. Some are accidental, such as human errors, system failures, and natural disasters, but the vast majority are malicious. Malware and ransomware, the largest security threats, are becoming increasingly sophisticated—and their effects can be devastating.

Database Malware Ransomware Disgruntled employees Rootkit Phishing attacks System failure Unapplied patches Natural disasters Power outage Human error Database Malware Ransomware Disgruntled employees T rojan malware Phishing attacks System failure Unapplied patches Natural disasters Power outage Human error

What could a breach lead to?

Loss of business

Repairing the damage caused by a data breach takes considerable time and effort. Business as usual will have to wait.

Loss of reputation

Reputation, once damaged, is difficult (some say impossible) to repair—and who wants to trade with a company with a tarnished reputation?

Data loss

Your data is your most valuable asset. Losing some or all of it could be fatal for your business.

Data protection regulation

NIS Directive

The first EU-wide guidelines on cybersecurity, established to achieve high level of network and information systems security.


Under GDPR, companies can be fined up to 4% of their annual revenue or €20 million, whichever is greater.

The cost of cybercrime

Average annual cost of cybercrime by consequence of the attack

(2018 total = US$13.0 million)

3.0 3.4 3.8 4.0
Business disruption
Information loss
Revenue loss
Equipment damages

Source: The Cost of Cybercrime Ninth Annual Study - Ponemon Institute LLC and Accenture.

Cybersecurity and best practice

Keeping on top of what’s new is almost impossible, and even the best trained people can make mistakes. Security is no longer just about preventing an attack. With new regulations to contend with, security can't be an afterthought. Securing your data has to be part of your DNA.

Data protection by design, and by default.

To be compliant with GDPR, you must be able to prove you have all the necessary technical and organizational measures in place to protect personally identifiable data. You must also be able to prove you have the ability to handle, neutralize, and recover from an attack, in a timely manner.

The layered approach

As we’ve seen, protecting your data is absolutely paramount for numerous reasons, but you need to strike a balance between security and access. A secure system is of no use if authorized users are unable to freely access the data they need to do their jobs.

Security therefore needs to be approached on different levels, protecting your data with interlocking layers of protection that only authorized users can pass through.

Prevents non-database users accessing data directly from database files.

Transparent Data Encryption helps protect data stored on media, both in transit and at rest.

Checks that users are who they say they are.

Methods range from the simple username and password combination, to the more robust multifactor authentication.

Controls access to data within the database.

Authorization ensures users only have the privileges to do what they need to do. We call this enforcing least privilege access to data.

Captures information about database activity.

Auditing helps to detect any attacks in progress or to investigate any suspected incidents.

Prevents threats from reaching the database.

You can’t audit everything, so network-based monitoring of database traffic is also used; we block as much undesirable activity as possible to protect the database.

Secures the database production environment and prevents drift.

This ensures auditable checkpoints and the ability to rebuild in case of need.

Removes sensitive data from nonproduction environments, such as testing and development.

This enables employees to access the data they need while preventing them from accessing personally identifiable information, sensitive personal data, or commercially sensitive data.

Step your database security up a level

Multiple layers of security will help protect your database, but you also need to consider its attack surface. The bigger the surface, the more potential weak spots and the more vulnerable your database will be. This is where the engineered systems approach pays dividends. Combine your Oracle Database with Oracle Exadata and you’ll reduce your database’s attack surface to the absolute minimum.

Oracle Exadata

The only database platform where security is engineered to be on by default.

End-to-end encryption with no performance penalty . Secure boot ensures your file system has not been tampered with nor had malicious software installed. Reduced attack surface with minimum packages installed. Enforced firewall connectivity to your data. Full auditing of the operating system user . Enforced hardened password policies. Secure boot ensures your file system has not been tampered with nor had malicious software installed. Reduced attacksurface with mini - mum packages installed. Enforced firewall connectivity to your data. Full auditing of the operating system user. Enforced hardened password policies.

Plan for recovery

No matter how well prepared you are—or how secure your database is—you can’t eliminate risk entirely. The need to recover data will be inevitable. Validation at every stage of recovery is key. Oracle’s Zero Data Loss Recovery Appliance ensures the ability to recover your data with continuous validation.

Oracle Exadata and Oracle’s Recovery Appliance integrate seamlessly to create an end-to-end solution that reduces your surface area of attack, offers tight role-based security, and ensures you’re back up and running with minimal impact on production.

50x faster

50x faster

Reduce backup time from hours to minutes—up to 50x faster than generic purpose-built backup appliances.

100% validation

100% validation

Recover data when you need to—and with 100% validation.

Point-in-time recovery

Point-in-time recovery

Recover to the moment before a ransomware attack or system outage occurred.



Help meet governance and compliance requirements with real-time recovery status monitoring.

Backup protection

Backup protection

Ensures that backups can’t be deleted—not even by malicious users.

“Oracle's Zero Data Loss Recovery Appliance demonstrates a 47% reduction in downtime costs relative to purpose-built backup appliances.”

David Floyer, CTO and Cofounder, Wikibon

“Restores that were taking up to four hours are completing in around 30 minutes.”

Javier Ruiz, Manager of IT Infrastructure, Energy Transfer

Oracle Cyber Recovery Vault

While Oracle’s Recovery Appliance ensures you can always recover within your data center, what happens if the entire data center itself is compromised by an outage or attack? The Oracle Cyber Recovery Vault architecture extends the functionality of Oracle’s Recovery Appliance to an isolated and separate infrastructure, so you can recover your business if the worst happens.

With our cloud equivalence, you have the option to restore your data to Oracle Cloud using the same platforms you have in your data center today.

Complete peace of mind (as a service)

Finally, if you require maximum protection for your critical data, we can offer you Oracle’s Recovery Appliance in the Cyber Recovery Vault combined with Oracle Cloud Infrastructure Database Cloud Services. With this you benefit from:

All network security and monitoring

Operating system and virtual machine security and patching

Validated database security patches

Automated upgrade process

Data Safe control center

Want to find out more?

Watch our on-demand webcast: Build Your Cyber Recovery Vault.

View now