Oracle Database Security is in fact not a single product but a set of products. It supports different features around securing content in databases. This report focuses mainly on Oracle Advanced Security and Oracle Database Vault but covers the other products as well. This is based on the fact that these two products are, from the KuppingerCole understanding, at the core of Oracle Database Security.
Both products are part of the relatively new product category Database Security, which consists of products which are specifically trying to enhance the security of information in databases. That includes stronger security controls, data masking for test environments, but especially the access control on data in databases.
The core capabilities in the Database Security market are in fact access control including privileged access management and advanced security by encryption of data. Other features like audit log analysis (sort of database-specific SIEM – Security Information and Event Management), Masking, Data Labeling, and others might complement this.
Oracle delivers a broad range of products to enhance database security. From the KuppingerCole perspective, Oracle currently has the broadest portfolio in the market and delivers leading-edge products in all areas of database security. Thus Oracle can support their customers in enhancing their database infrastructure to fulfill compliance regulations and to be in sync with the IT Governance requirements of the organization. There is some room for improvement with respect to integration of products and support for heterogeneous environments.
KuppingerCole strongly recommends to any organization with Oracle databases in production use to evaluate the Oracle Database Security offerings and to pick the appropriate ones to enhance security and compliance support in their production environments. When looking at database security in general, we as well recommend to evaluate the Oracle offerings with support for heterogeneous environments as well as the Oracle-specific tools.