RE: data exchange between oracle and sqlserver
Date: Thu, 2 Feb 2012 16:02:34 +0000
Message-ID: <416FB269D9362D4AA40BE7124CA3EF9F09336CEC_at_SSVMEXDAG01MB04.tufts.ad.tufts.edu>
Thanks to all who replied to my thread. I'll pass the information to our developer team. They all are very valuable information. Any ideas are welcome since we don't have this kind of experience.
Joan
-----Original Message-----
From: Goulet, Richard [mailto:Richard.Goulet_at_parexel.com]
Sent: Thursday, February 02, 2012 10:52 AM
To: erenb_at_datamasking.com; Hsieh, Joan; oracle_l
Subject: RE: data exchange between oracle and sqlserver
From my reading of this it appears that the PII is needed by the third parties for their business purposes. That being the case an encryption/masking option doesn't work very well when pulling the data unless you can undo it on the other side. At the same time I agree with the developer that it should not be laying around on a server or laptop where it is vulnerable to unauthorized exploitation. And I assume that those files have to be somewhere where the outside third party can access them. That gives you basically three options; 1) encrypt the files immediately after creation using a key that you can share with the third party, 2) placing the files on a secured share and then transfer them via https again using a cypher key, 3) creating the files then allowing the third party to sftp the files to their site using a cypher key. We've used approach 2 and 3 over here depending on the third parties choices and they work very well. Course you should probably have some Uni x based system experts who can lock down the server in the DMZ as we have.
Richard Goulet
Senior Oracle DBA/Na Team Leader
--
http://www.freelists.org/webpage/oracle-l
Received on Thu Feb 02 2012 - 10:02:34 CST