Re: Oracle TDE Question

From: Hans Forbrich <fuzzy.graybeard_at_gmail.com>
Date: Thu, 25 Feb 2016 07:50:41 -0700
Message-ID: <56CF14C1.709_at_gmail.com>

IF you have Enterprise Manager Cloud Control 12.1.05 or 13c AND you have [the budget for] the licenses for Data Masking and Subsetting, that Pack has a nifty tool to identify and track sensitive columns.

Basically you define the pattern of columns name AND/OR pattern of data that is sensitive (SSN, phone, etc) and let the tool crawl the database to identify the columns that meet the criteria.

It's a LOT more robust than that.

Fair heads-up: I am upgrading the Oracle University Database Security curriculum to include this material.

/Hans

On 25/02/2016 7:40 AM, Chris Taylor wrote:
> Yep yep. Testing is a big priority for me. My recommendation is
> pushing back on the business to identify what data objects are
> sensitive and we move those objects and associated indexes to
> encrypted tablespaces. Non-sensitive data (afaik) shouldn't need
> encrypting.
>
> Thanks!
>
> Chris
>
>
> On Thu, Feb 25, 2016 at 8:32 AM, Hans Forbrich
> <fuzzy.graybeard_at_gmail.com <mailto:fuzzy.graybeard_at_gmail.com>> wrote:
>
> Yes. It is supported to have a mix of tablespaces within the same
> instance. Note that Indexes are not forced to be on the 'same
> type' of tablespace, so that could be cause for concern and
> additional administration diligence.
>
> Depending on the hardware, and depending on the encryption
> overhead it is very reasonable to consider putting non-sensitive
> data in unencrypted tablespaces. However, with modern hardware,
> possibly minimal and even negligible impact is possible. As usual
> - test for yourself, within your own environment.
>
> /Hans
>
> On 25/02/2016 6:54 AM, Chris Taylor wrote:
>> I think I know the answer to this question, but want to confirm
>> for completeness.
>>
>> When you use Oracle TDE (with the appropriate licenses of
>> course), is it supported to have both non-encrypted tablespaces
>> and encrypted tablespaces in the same database, correct?
>>
>> If it's not I'd be surprised but wanted to confirm.
>>
>> Thanks!
>>
>> Chris Taylor
>>
>
>

--
http://www.freelists.org/webpage/oracle-l

Received on Thu Feb 25 2016 - 15:50:41 CET

This message: [ Message body ]
Next message: MJ Mody: "Re: Oracle TDE Question"
Previous message: Li Li: "Re: Oracle TDE Question"
Maybe in reply to: Chris Taylor: "Oracle TDE Question"
Next in thread: MJ Mody: "Re: Oracle TDE Question"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message