Re: Oracle TDE Question

From: Hans Forbrich <>
Date: Thu, 25 Feb 2016 07:50:41 -0700
Message-ID: <>

IF you have Enterprise Manager Cloud Control 12.1.05 or 13c AND you have [the budget for] the licenses for Data Masking and Subsetting, that Pack has a nifty tool to identify and track sensitive columns.

Basically you define the pattern of columns name AND/OR pattern of data that is sensitive (SSN, phone, etc) and let the tool crawl the database to identify the columns that meet the criteria.

It's a LOT more robust than that.

Fair heads-up: I am upgrading the Oracle University Database Security curriculum to include this material.


On 25/02/2016 7:40 AM, Chris Taylor wrote:
> Yep yep. Testing is a big priority for me. My recommendation is
> pushing back on the business to identify what data objects are
> sensitive and we move those objects and associated indexes to
> encrypted tablespaces. Non-sensitive data (afaik) shouldn't need
> encrypting.
> Thanks!
> Chris
> On Thu, Feb 25, 2016 at 8:32 AM, Hans Forbrich
> < <>> wrote:
> Yes. It is supported to have a mix of tablespaces within the same
> instance. Note that Indexes are not forced to be on the 'same
> type' of tablespace, so that could be cause for concern and
> additional administration diligence.
> Depending on the hardware, and depending on the encryption
> overhead it is very reasonable to consider putting non-sensitive
> data in unencrypted tablespaces. However, with modern hardware,
> possibly minimal and even negligible impact is possible. As usual
> - test for yourself, within your own environment.
> /Hans
> On 25/02/2016 6:54 AM, Chris Taylor wrote:
>> I think I know the answer to this question, but want to confirm
>> for completeness.
>> When you use Oracle TDE (with the appropriate licenses of
>> course), is it supported to have both non-encrypted tablespaces
>> and encrypted tablespaces in the same database, correct?
>> If it's not I'd be surprised but wanted to confirm.
>> Thanks!
>> Chris Taylor

Received on Thu Feb 25 2016 - 15:50:41 CET

Original text of this message