Toad World Blog

Guide to the Toad for Oracle Sensitive Data Protection Module

May 13, 2019 4:50:00 PM by Julie Hyman

Toad for Oracle can now help Developers and DBAs meet growing compliance requirements by providing a way to define, find and address sensitive data within your Oracle database schemas.

Toad for Oracle's new Sensitive Data Protection features fall into two categories of functionality - Sensitive Data Awareness and Sensitive Data Search.  Both capabilities come with a pre-filled library of common definitions of sensitive data patterns allow organizations can customize and define what sensitive data means to their organization and business. 

Customize what "sensitive data" means to you

Toad for Oracle Professional now includes a new area under options that allows each organization to review a rules repository of common sensitive data pattern rules - such as rules around tables and fields containing social security numbers, email, phone numbers and addresses. Users can remove rules, edit them to fit their own needs or add completely new rules using PCRE(PHP) Regular Expression language (see https://regex101.com/).

 

Sensitive Data Awareness

 

Toad for Oracle now helps database developers meet controversial "privacy by design" requirement built into the most recent data privacy regulations, by highlighting potential sensitive data fields right in the SQL editing screens and object information screens where database developers live and breathe when creating, testing and reading PL/SQL code. Flagging potentially sensitive fields for developers as they are developing and working with database objects and code, includes those developers into the data privacy discussion and ensures that the lines of communication are open within your organization.

Within the Editor, Alter Table and Create Table screens within Toad for Oracle Professional, fields that match the criteria for holding sensitive data (as determined by the column name) will have a special flag that informs the user about the special nature of these fields.  User can mouse-over these indicators to receive more information like why it is being flagged (which pattern rule is involved) and what protection policies (like audit, redaction and encryption) are in place for these fields.  In addition, if the user has sufficient privileges, they can in some instances add new policies to these fields on the fly. 

Introduced in Version 13.1, Sensitive Data Awareness is available to all Toad for Oracle Professional Edition users and requires no extra licensing. 

Read more about Sensitive Data Awareness here.

Sensitive Data Search 

Users with Toad for Oracle Professional Edition (or higher), can purchase the new Toad for Oracle Sensitive Data Protection Module to enable Sensitive Data Protection Search.  The Search capability allows users to use/define patterns to identify sensitive data in your instances based on actual data.  By searching both column naming conventions and actual data columns, Toad for Oracle Sensitive Data Protection Search provides a more thorough analysis of your schemas to identify sensitive data columns.   

Once identified, it is also easy for users who have the correct permissions to add/edit audit, redaction and encryption polices for these fields. 

 And all of this can also be automated and run on a schedule for auditing and reporting

Introduced in Version 13.1.1, Sensitive Data Search requires Toad for Oracle Professional or above and the additional purchase of the Toad for Oracle Sensitive Data Protection Module.

Read more about the Sensitive Data Search capabilities in the new Toad for Oracle Sensitive Data Protection Module here.

 

Tags: Toad for Oracle Sensitive Data Protection

Julie Hyman

Written by Julie Hyman

Julie Hyman is a Sr. Product Manager for Quest Software. Julie has 20+ years of experience in Development, Project Management and Product Management.