1. AI Database
  2. Security

Data Safe

Oracle Data Safe empowers organizations to understand data sensitivity, evaluate data risks, mask sensitive data, implement and monitor security controls, assess user security, monitor user activity, and manage Oracle AI Database SQL Firewall—all in a single, unified console.


These capabilities help to manage the day-to-day security and compliance requirements of Oracle databases, both on-premises and in the cloud.


Take the product tour
Watch the Data Safe video (7:17)

2025 KuppingerCole Leadership Compass for Data Security Platforms

Discover why KuppingerCole recognized Oracle as a Leader in database security

Why Oracle Data Safe

  • Unified risk management

    One cloud service to assess security, monitor activity, discover sensitive data, and mask data across Oracle databases in OCI, Cloud@Customer, multicloud, and on‑premises. Oracle Data Safe manages Oracle AI Database 26ai SQL Firewall.


  • Accelerate compliance and privacy

    Discover and classify regulated data, apply consistent audit policies, and generate turnkey reports to meet GDPR, CCPA, DPDPA, PCI DSS, HIPAA, and other compliance needs.



  • Reduce attack surface and insider risk

    Identify risky users and excessive privileges across your fleet, flag weak configurations, and get alerts on suspicious activity



  • Simplify operations

    Cloud‑native, centrally managed workflows and APIs streamline onboarding, policy deployment, and continuous monitoring for large fleets.


Oracle Data Safe features

Organizations struggle with weak passwords, overprivileged users, and misconfigured databases that create vulnerabilities attackers exploit. Teams lack visibility into where sensitive data resides, how users behave, and whether they meet compliance requirements. Oracle Data Safe provides a unified platform that automatically identifies vulnerabilities, discovers and classifies sensitive data, monitors suspicious activity, and maintains audit trails for GDPR, CIS, and STIG compliance.

Security assessment

Quickly evaluate database security posture by identifying, categorizing, and prioritizing risks. Get comprehensive reports on configuration parameters, security controls, user roles, and privileges. Maintain baselines, detect drift, and enforce consistent controls fleet-wide with actionable recommendations mapped to GDPR, DISA STIGs, and CIS benchmarks.

User assessment

Identify highly privileged accounts that pose threats if misused or compromised. Data Safe calculates risk scores for each user based on user types, authentication methods, password policies, and password change frequency. Review privileges and activity through direct links to audit records, then deploy appropriate security controls based on risk insights.

Activity auditing

Collect audit data from databases and identify anomalous operations. Manage audit and alert policies using out-of-box or custom reports to analyze database activity. Retain audit data up to 7 years for compliance and forensic investigation.

Sensitive data discovery

Discover and classify sensitive data using 150+ predefined types, extendable with custom types. Built-in sensitive types cover personal identifiers, biographic, IT, financial, healthcare, academic, and employment data. Gain clear insight into the type, location, and volume of sensitive data to assess risk and determine protection needs.

Data masking

Mask sensitive data using prebuilt formats and extend using custom rules. Preserves referential integrity so your applications run on masked data. Build masking policies from discovered data, run scheduled jobs, and generate audit reports.

SQL Firewall management

SQL Firewall in Oracle AI Database 26ai learns normal application behavior—tracking SQL statements, network addresses, OS users, and programs. Centrally manage policies and monitor violations with alerts and reports.

Security policies

Centrally deploy and manage audit policies and SQL Firewall configurations across database fleets. Use Oracle predefined policies aligned to compliance frameworks or create custom policies. Policies automatically apply to database groups and dynamically update as targets change.


Alerts and notifications

Define policies to alert on risky events including privileged actions, failed logins, and configuration drift. Route notifications to operations teams for immediate response.

Multicloud and on-premises database support

Supports registering databases across Autonomous AI Database, Exadata Cloud Service, Base Database Service, Oracle Database@Azure, Oracle Database@Google Cloud, Oracle Database@AWS, Amazon RDS for Oracle, Cloud@Customer, and on-premises databases including Enterprise Edition and Standard Edition for centralized governance.

APIs and automation

Comprehensive REST APIs, OCI CLI, and SDKs (Java, Python, Go, .NET, Ruby, TypeScript/JavaScript) automate onboarding, assessments, auditing, discovery/masking, and reporting. Integrate with DevOps and SecOps workflows using Terraform via the OCI Provider for infrastructure-as-code deployments.

Oracle Data Safe customer successes

Customers leverage Oracle Data Safe to protect sensitive data from internal and external threats, while simplifying and accelerating compliance efforts.


Customer Highlight

Soho Media Solutions chooses Oracle Data Safe to improve database security and address GDPR compliance

"We use Data Safe to monitor and assess user activity inside the database…It’s very easy to implement and it’s very, very robust."

—Guillaume Delannoy, CEO, Soho Media Solutions

Resources

AskTOM Oracle Database Security Office Hours

AskTOM Office Hours offers free, open Q&A sessions with Oracle Database experts who are eager to help you fully leverage the multitude of enterprise-strength database security tools available to your organization.

Subscribe


LiveLabs: Oracle Data Safe

This workshop lets you practice the main features in Oracle Data Safe, including activity auditing, alerts, security assessment, user assessment, data discovery, and data masking.

Try now


October 9, 2025

Simplifying Database Security Compliance at Scale with Oracle Data Safe

Bettina Schaeumer, Senior Principal Product Manager, Database Security, Oracle

Maintaining security compliance across a growing fleet of Oracle Databases has always been a challenge, particularly for organizations juggling cloud, on-premises, and hybrid environments. Each environment has unique requirements, and trying to enforce standards like CIS (Center for Internet Security), STIG (Security Technical Implementation Guide), along with unique corporate security policies consistently across dozens, hundreds or even thousands of databases is time-consuming, complex and error-prone. That’s why we think Oracle Data Safe’s recent update is such a game-changer. Read the complete post

Read the complete post

Featured database security blogs

Get started with Oracle database security


Try Data Safe LiveLabs #1

Experience Data Safe by configuring your key use cases on LiveLabs. This is an overview lab. It focuses on evaluating database configurations and security controls, assessing user security and privileges, monitoring user activity through auditing and alerts, discovering and masking sensitive data for compliance, and mitigating risks from SQL injection and compromised accounts using SQL Firewall.

Try now

Try Data Safe LiveLabs #2

Experience Data Safe by configuring your key use cases on LiveLabs. This lab focuses on establishing secure connectivity to Oracle databases across cloud and on-premises environments using Data Safe private endpoints for databases in OCI or connected via FastConnect/VPNConnect, and Data Safe on-premises connectors for databases outside OCI.

Try now

Try Data Safe LiveLabs #3

Experience Data Safe by configuring your key use cases on LiveLabs. This lab focuses on integrating Data Safe with applications and Oracle Cloud Infrastructure services through the Data Safe API, command line interface in Cloud Shell, and event creation for automation and orchestration.

Try now

Contact sales

Talk to a team member about Oracle Database security.


Get in touch