RE: encryption

From: TJ Kiernan <tkiernan_at_pti-nps.com>
Date: Tue, 19 Mar 2013 12:23:16 -0500
Message-ID: <3DC440E2338A24439D527C2E64E1ECBCA854ED_at_deeds.pti-nps.com>



I would strongly recommend the 2nd edition of Expert Oracle Database Architecture. Chapter 16 is all about encryption, and it first draws the distinction between encrypting data at rest (on disk) and data in motion (network traffic). Tom breaks down the difference between the two, the advantages & gotchas (such as CPU overhead and encrypting indexed columns and losing range scans), tablespace-level encryption (available in 11g TDE), and a how-to for setting up TDE. If reading is not your thing, Oracle has some webcasts on the subject as well. They're marketing material, but there's some good background "what problems can we solve with encryption" information as well.

"Encrypt THE DATABASES," is potentially a very tall order, and you need to understand the risks that your security team is trying to mitigate before you can make any sort of recommendation on the appropriate course of action (what Ryan said). Is there data that internal users shouldn't access (PCI/HIPAA/HITECH Act)? That may be Virtual Private Database (included in EE) instead of encryption and possibly Database Vault. What about encrypting backups?

This is a big subject. Too big for an email list, imho. Mitigating your risks will certainly cost time and almost certainly money. Understand the objectives so you can find the best tools for the job.

Thanks,
T. J.
 

-----Original Message-----

From: Zelli, Brian [mailto:Brian.Zelli_at_RoswellPark.org]
Sent: Tuesday, March 19, 2013 11:44 AM
To: TJ Kiernan; andy_at_oracledepot.com
Cc: gints.plivna_at_gmail.com; oracle-l_at_freelists.org
Subject: RE: encryption

Ok, our "security" team is telling us we have to encrypt the databases. If people have sqlplus or sqldev access or what sucks is MS Access front ends to databases it would not be encrypted? Or would they need something on their machine to decrypt?

ciao,
Brian



Brian Zelli
Senior Database Administrator
Enterprise Apps/Sys Integration
Roswell Park Cancer Institute
(716) 845-4460
brian.zelli_at_roswellpark.org

--

http://www.freelists.org/webpage/oracle-l
Received on Tue Mar 19 2013 - 18:23:16 CET
