RE: Encryption

Thanks everyone for the feedback! I had been researching TDE and thought it was what I needed but wanted to get input from folks who had actually done it.

From: Kellyn Pot'Vin-Gorman <dbakevlar_at_gmail.com> Sent: Tuesday, March 17, 2020 11:44 AM
To: Beckstrom Jeffrey <jbeckstrom_at_gcrta.org> Cc: Sallie Cottingham <Sallie.Cottingham_at_cot.tn.gov>; Clay Jackson (cjackson) <Clay.Jackson_at_quest.com>; oracle-l-freelist <oracle-l_at_freelists.org> Subject: Re: Encryption

Hi Sallie,
"What Jeff said" for your solution. TDE and obfuscation is the most modern and reliable choice for your Oracle database challenge if you want to stay with an Oracle product. There are other products on the market that can do this as well.

Kellyn Pot'Vin-Gorman
DBAKevlar Blog<http://dbakevlar.com>
about.me/dbakevlar<http://about.me/dbakevlar>

On Tue, Mar 17, 2020 at 9:25 AM Jeffrey Beckstrom <jbeckstrom_at_gcrta.org<mailto:jbeckstrom_at_gcrta.org>> wrote: Transparent Data Encryption will encrypt the data at rest (on disk). If you want to encrypt it in memory as well then you would need to use the DBMS_OBFUSCATION package to encrypt and decrpt the data in your sql.

Jeffrey Beckstrom
Lead Database Administrator
Information Technology Department
Greater Cleveland Regional Transit Authority 1240 W. 6th Street
Cleveland, Ohio 44113

>>> "Clay Jackson (cjackson)" <Clay.Jackson_at_quest.com<mailto:Clay.Jackson@quest.com>> 3/17/20 12:11 PM >>>
Hi, Sallie - in my last “real” DBA job, before I moved to Quest and started doing Sales Engineering stuff; we used Virtual Private Database for just exactly the same type of thing you outlined.

We had one column in one table that contained a Tax ID number, and needed to protect it. VPD was the easiest solution for us.

I might have some examples, or be able to come up with something when I’m back in my (home) office later today.

At least then (Oracle 11), it did require Advanced Security. Sent from my iPhone
Clay Jackson
Quest Software

On Mar 17, 2020, at 7:30 AM, Sallie Cottingham <Sallie.Cottingham_at_cot.tn.gov<mailto:Sallie.Cottingham_at_cot.tn.gov>> wrote: 
CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.

What are your thoughts/experiences with encryption? We have one very old database that stores SSN in several tables (did I say it is old and definitely not normalized?). The system is currently being rewritten but in the meantime, we are looking to see Oracle options for encryption. In your experiences how have you handled just one element encryption or one element in several locations?

I’m also assuming this will require an additional license – is that correct?

Sallie Cottingham
Database Administrator
Comptroller of the Treasury
Technology Solutions
425 Fifth Avenue North
Nashville, TN 37243-34001
sallie.Cottingham_at_cot.tn.gov<mailto:sallie.Cottingham_at_cot.tn.gov> 615-401-7962

<https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fforms.office.com%2FPages%2FResponsePage.aspx%3Fid%3D2LIbXg4PBUmsyXNR-FBv9vKJmJb3wIJGtlfwguW_b_tUOENWVkxEUUZOT0pHS00xSk1NVzZZSDBVRy4u&data=02%7C01%7Cclay.jackson%40quest.com%7C87f172e4b6534957b4c808d7ca7fb028%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637200522078453373&sdata=jWLSIC%2Ft6LMjQugQxAlTRGXjkzXIDiQnB5k9dk%2BMfmE%3D&reserved=0> <image001.png><https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fforms.office.com%2FPages%2FResponsePage.aspx%3Fid%3D2LIbXg4PBUmsyXNR-FBv9vKJmJb3wIJGtlfwguW_b_tUOENWVkxEUUZOT0pHS00xSk1NVzZZSDBVRy4u&data=02%7C01%7Cclay.jackson%40quest.com%7C87f172e4b6534957b4c808d7ca7fb028%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637200522078453373&sdata=jWLSIC%2Ft6LMjQugQxAlTRGXjkzXIDiQnB5k9dk%2BMfmE%3D&reserved=0>

--
http://www.freelists.org/webpage/oracle-l