One topic that has been coming up over and over this year is Cyber Vault. In this post I am going to go through the characteristics I commonly see when a customer builds a Cyber Vault. The image below gives you a good idea of what is involved.
Characteristics of a Cyber Vault
- NTP and DNS services: Because a Cyber Vault is isolated from the rest of the datacenter, it needs its own NTP service inside the vault. Accurate time is what backup retention depends on (and, in practice, certificate validity and log correlation too): a drifted clock can expire backups early or keep them past their retention. DNS isn't critical, but it makes configuring the infrastructure much easier. In many cases "/etc/hosts" can stand in for it, but that is a pain to maintain and easy to let drift out of sync.
- Firewalls: Firewall configuration and isolated networks are what actually isolate the Cyber Vault. The vault is often physically in the same datacenter, with network isolation providing the protection. Be sure to understand which ports, networks and traffic directions every piece of infrastructure uses so you can set the firewall rules properly: default-deny in both directions, then allow only the flows you have listed.
- Air Gap: An Air Gap has become the standard way to protect backups in the Cyber Vault. The gap is typically open for only a few hours a day, at random times, so that the opening cannot be predicted. To limit the exposure time, maximize the network bandwidth into the vault and minimize the amount of data that has to cross it (incremental rather than full copies, for example).
NOTE: Not all customers choose to have an Air Gap. Keeping the gap closed for long periods reduces the chance of intrusion, BUT it also guarantees data loss on restore: everything written after the last transfer across the gap is gone. This decision matters most for databases that are constantly changing, where a day of closed gap can mean a day of lost transactions.
- Break-the-glass: Access into the vault has to be controlled: a defined list of who can get in, and an approval process so that every access is planned, approved and recorded.
- Backup validation: The vault needs a validation process to confirm that the backups are untouched. When the backups contain executables, this typically means scanning for ransomware signatures. For Oracle backups, running RMAN's "RESTORE DATABASE VALIDATE" is the gold standard: it reads every backup piece a restore would need and checks the blocks without actually restoring anything, so it catches corrupt or unreadable pieces. Note that it proves the backup is readable and restorable; it does not tell you whether the data was already encrypted or altered before it was backed up, which is why the clean room and audit reports below matter as well.
- Clean Room: A clean room is an isolated environment where backups can be test-restored. It can be small (a server or two) or large enough to restore and run the whole application.
- Monitoring and reporting infrastructure: For Oracle this is OEM (Enterprise Manager Cloud Control). Any issue must be alerted and reported to a destination outside the vault, over an outbound-only path, so that a problem inside the vault is noticed even while the gap is closed.
- Audit Reports: Audit reports are critical to showing that the backups in the Cyber Vault are secure. They should capture every change to the environment (access, configuration, retention settings) and any issues found with the backups themselves.
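The firewall and air-gap items above, as an added example (mine, not the post's, and not an Oracle or customer script). It assumes a Linux host inside the vault that receives the replication and runs nftables, replication arriving from one source network (10.1.0.0/24) on one TCP port (1522), in-vault NTP and DNS servers, and an OEM agent upload port (4903) on a monitoring host outside the vault; all of these addresses and ports are placeholders. It picks the day's random window, checks that the day's delta fits in that window at the measured bandwidth, and renders a default-deny ruleset that admits the replication flow only while the gap is open:

```python
"""Air-gap window and vault firewall.

Added example, not code from the original post. Assumptions (mine): the
receiving host inside the vault runs nftables, replication from production
arrives from one source network on one TCP port, and a fresh window is
chosen every day.
"""
import random
import subprocess
from dataclasses import dataclass

SECONDS_PER_DAY = 24 * 3600


@dataclass(frozen=True)
class Window:
    start: int   # seconds after midnight on the vault clock (hence NTP)
    length: int  # seconds the gap stays open

    @property
    def end(self) -> int:
        return self.start + self.length


def pick_window(min_len, max_len, earliest=0, latest=SECONDS_PER_DAY, rng=None):
    """Choose a window of random length in [min_len, max_len] lying fully
    inside [earliest, latest). The default rng is the OS CSPRNG, so the
    schedule cannot be predicted from earlier openings."""
    if not 0 < min_len <= max_len or latest - earliest < max_len:
        raise ValueError("window bounds are inconsistent")
    if rng is None:
        rng = random.SystemRandom()
    length = rng.randint(min_len, max_len)
    start = rng.randint(earliest, latest - length)
    return Window(start, length)


def transfer_fits(bytes_to_move, usable_bps, window, safety=0.8):
    """True if the day's delta can cross the gap inside the window at the
    measured usable bandwidth, keeping a margin for retries and checksums.
    If False, the fix is more bandwidth or a smaller delta, not a longer
    opening."""
    seconds_needed = bytes_to_move * 8 / usable_bps
    return seconds_needed <= window.length * safety


def render_ruleset(gap_open, repl_src, repl_port, oem_host, oem_port,
                   vault_services=(("10.8.0.5", "udp", 123),     # in-vault NTP
                                   ("10.8.0.6", "udp", 53))):    # in-vault DNS
    """nftables ruleset for the receiving host. Both chains default to drop.
    Inbound: replication only, and only while the gap is open. Outbound:
    in-vault NTP/DNS plus the alerting path to the monitoring host."""
    inbound = ["ct state established,related accept", "iif lo accept"]
    if gap_open:
        inbound.append(f"ip saddr {repl_src} tcp dport {repl_port} ct state new accept")
    outbound = ["ct state established,related accept", "oif lo accept"]
    outbound += [f"ip daddr {a} {proto} dport {p} accept" for a, proto, p in vault_services]
    outbound.append(f"ip daddr {oem_host} tcp dport {oem_port} ct state new accept")

    def chain(name, rules):
        body = "".join(f"    {r}\n" for r in rules)
        return (f"  chain {name} {{\n"
                f"    type filter hook {name} priority 0; policy drop;\n"
                f"{body}  }}\n")

    return ("flush ruleset\n"
            "table inet vault {\n"
            + chain("input", inbound)
            + chain("output", outbound)
            + "}\n")


def apply_ruleset(text):
    """Load the ruleset atomically with nft (needs root; not run in tests)."""
    subprocess.run(["nft", "-f", "-"], input=text, text=True, check=True)


if __name__ == "__main__":
    w = pick_window(3600, 4 * 3600)          # 1 to 4 hours, anywhere in the day
    print(f"gap opens at +{w.start}s for {w.length}s; 500 GiB delta fits at 10 Gbit/s: "
          f"{transfer_fits(500 * 2**30, 10_000_000_000, w)}")
    print(render_ruleset(True, "10.1.0.0/24", 1522, "10.9.0.20", 4903))
```

Closing the gap by removing the accept rule does not cut a transfer that is already in progress, because the established,related rule keeps accepting the existing connection; when the window ends, also flush the conntrack entries for the replication port (for example conntrack -D -p tcp --dport 1522), or the session stays up until it finishes on its own. Pass a seeded random.Random as rng only for tests; in production the default SystemRandom is the point.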
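The backup-validation and monitoring items above, as an added example (mine, not the post's, and not Oracle's code). It assumes the validation job captures RMAN's output to a log file and that the vault's backups live under one path (/vault/backup/ here, a placeholder); the sample logs are constructed for this example in the shape of RMAN output, not captured from a real run. The parser turns the log into a pass/fail report plus a one-line alert suitable for shipping to OEM or syslog outside the vault:

```python
"""Turn RMAN 'RESTORE DATABASE VALIDATE' output into a pass/fail report.

Added example, not code from the original post. The sample logs are
constructed in the shape of RMAN output; they are not from a real run.
"""
import re
import subprocess

# RMAN script the vault job runs (written to a file, see run_validate).
VALIDATE_SCRIPT = "RESTORE DATABASE VALIDATE;\n"

ERROR_RE = re.compile(r"^(RMAN|ORA)-(\d{5})")
BANNER_CODES = {"00569", "00571"}        # RMAN error-stack decoration lines
PIECE_RE = re.compile(r"piece handle=(\S+) tag=(\S+)")


def parse_validate_log(text, vault_root):
    """Report is ok only if the restore finished, no RMAN/ORA error was
    raised, at least one backup piece was read, and every piece lives under
    vault_root (a piece elsewhere means the catalog points at storage the
    vault does not control)."""
    report = {"finished": False, "errors": [], "pieces": [], "outside_vault": []}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Finished restore"):
            report["finished"] = True
        m = ERROR_RE.match(line)
        if m and m.group(2) not in BANNER_CODES:
            report["errors"].append(line)
        p = PIECE_RE.search(line)
        if p:
            handle, tag = p.groups()
            report["pieces"].append((handle, tag))
            if not handle.startswith(vault_root):
                report["outside_vault"].append(handle)
    report["ok"] = (report["finished"] and not report["errors"]
                    and bool(report["pieces"]) and not report["outside_vault"])
    return report


def alert_line(db_name, report):
    """One-line summary for the outbound alert channel (OEM/syslog)."""
    status = "PASS" if report["ok"] else "FAIL"
    return (f"vault_validate db={db_name} status={status} "
            f"pieces={len(report['pieces'])} errors={len(report['errors'])} "
            f"outside_vault={len(report['outside_vault'])}")


def run_validate(script_path, log_path):
    """Run the RMAN script against the local instance (needs an Oracle
    environment; not executed in tests) and return the raw log text."""
    with open(log_path, "w") as log:
        subprocess.run(["rman", "target", "/", f"cmdfile={script_path}"],
                       stdout=log, stderr=subprocess.STDOUT, check=False)
    with open(log_path) as log:
        return log.read()


# Constructed sample logs (not real RMAN output).
GOOD_LOG = """\
Starting restore at 12-MAR-24
using channel ORA_DISK_1
channel ORA_DISK_1: starting validation of datafile backup set
channel ORA_DISK_1: reading from backup piece /vault/backup/PROD/db_full_0123_1_1.bkp
channel ORA_DISK_1: piece handle=/vault/backup/PROD/db_full_0123_1_1.bkp tag=TAG20240312T010203
channel ORA_DISK_1: restored backup piece 1
channel ORA_DISK_1: validation complete, elapsed time: 00:02:15
Finished restore at 12-MAR-24
"""

CORRUPT_LOG = """\
Starting restore at 12-MAR-24
using channel ORA_DISK_1
channel ORA_DISK_1: starting validation of datafile backup set
channel ORA_DISK_1: piece handle=/vault/backup/PROD/db_full_0123_1_1.bkp tag=TAG20240312T010203
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 03/12/2024 01:05:10
ORA-19870: error while restoring backup piece /vault/backup/PROD/db_full_0123_1_1.bkp
ORA-19599: block number 4096 is corrupt in backup piece /vault/backup/PROD/db_full_0123_1_1.bkp
"""

# Same as GOOD_LOG, but the piece is not under the vault path.
STRAY_LOG = GOOD_LOG.replace("/vault/backup/PROD/", "/tmp/")

if __name__ == "__main__":
    for name, log in (("good", GOOD_LOG), ("corrupt", CORRUPT_LOG), ("stray", STRAY_LOG)):
        print(name, "->", alert_line("PROD", parse_validate_log(log, "/vault/backup/")))
```

A PASS here means RMAN could read every piece it needed and found no corruption; it says nothing about whether the data was already damaged before it was backed up, so the clean-room test restore remains the final check. A piece outside the vault path is treated as a failure even when RMAN was happy with it, because the catalog is then pointing at storage the vault does not control.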
BONUS: One thing customers often don't think about is encryption keys. Implementing TDE on Oracle databases is an important part of protecting your data from exfiltration, but an encrypted backup is only as useful as the key that unlocks it: if the keys are lost along with the production keystore, the backups in the vault cannot be restored. Make sure a secure backup of your encryption keys is kept in the vault as well.
OKV (Oracle Key Vault) is the best way to manage the keys for Oracle databases.