Encryption of data at rest (general discussion)

From: Brad Peek <brad_peek_at_yahoo.com>
Date: Fri, 18 Jan 2013 09:03:56 -0800 (PST)
Message-ID: <1358528636.36565.YahooMailNeo_at_web121603.mail.ne1.yahoo.com>

I would like to solicit thoughts on the business value of Oracle's transparent data encryption (TDE) option.   We use it sparingly but are considering expanding its use considerably.    The thing that bothers me about TDE is that it provides no protection from anyone who can connect to the database.  We have an impressively secure data center so the idea that someone would be able to physically remove one or more disks just doesn't seem like a real threat.   So, someone would need to get onto one of the Exadata servers and then copy off blocks of data from the Exadata storage cells and then piece that data into something meaningful.   I understand that these data blocks could contain recognizable data (e.g. email addresses) in clear text but I don't see how one could gain enough context about the data for it to be useful.   So in my mind the amount of "real" protection is minimal.  
In fact it seems possible that we could be introducing greater risk to the business by using TDE than not using it.   It seems more likely (to me) that we will hit a bug with TDE or that we would break it ourselves (where did I put that $%^& key?) than having someone get to the underlying datafiles in a way that wouldn't have been possible with TDE in place.

And yes, we already encrypt all backups and any data in-transit (e.g. secure FTP).

Have said that, I realize that most people (and as far as I can tell ALL sercurity experts) feel that encryption is an absolute must.    So, I will try and keep an open mind about any responses that I receive.

Received on Fri Jan 18 2013 - 18:03:56 CET

Original text of this message