Data Vault is a very interesting product which I have been waiting for since seeing a demo of it at OOW2K5SF. Its value proposition is answering two questions:
- How can I stop my DBA reading my sensitive data?
- How can I prove that I have stopped my DBA reading my sensitive data?
It does this by separating user creation and privilege settings, and the auditing of same, from regular DBA activity. Of course it is not foolproof but if properly implemented it is going to need a conspiracy of at least three people to break Data Vault. A regular database is vulnerable to a single rogue DBA.
There's no details about pricing but the fact that it is listed as a Security Option alongside Oracle Advanced Security and Oracle Label Security should give us a clue.