Question on encryption use case

From: Lok P <loknath.73_at_gmail.com>
Date: Sun, 5 Nov 2023 02:36:25 +0530
Message-ID: <CAKna9VZ0oeFVnZkwoM6qhzpY4deMJFD5CXmSCrpsNGSNS1_8GQ_at_mail.gmail.com>

Hello All,
We are using Oracle version 19C and its Exadata for most of the databases.

Creating this thread to understand how people cater to the payment industry security requirement (i.e. PCI standard needs) through encryption. Which is as below,
https://www.dwt.com/blogs/financial-services-law-advisor/2022/05/payment-card-industry-data-security-standards

As I understand it highlights that TDE is not enough as that encrypts the column at storage but we need to encrypt things while storing such that it won't be viewable by anybody or application users. And the key management also has to happen outside the encryption/decryption zone.

Few of the third party team members suggested using Oracle TDE with HSM to cater to this PCI requirement. We are already using Oracle TDE(Tablespace encryption). But hearing this(Oracle TDE with HSM) for the first time, I want to check here if anybody has experience using this in the past and this will really suffice the PCI standard security needs?

Regards
Lok

--
http://www.freelists.org/webpage/oracle-l

Received on Sat Nov 04 2023 - 22:06:25 CET

This message: [ Message body ]
Next message: yudhi s: "Re: Question on encryption use case"
Previous message: DOUG KUSHNER: "Re: Error removing ACE / ACL"
Next in thread: yudhi s: "Re: Question on encryption use case"
Reply: yudhi s: "Re: Question on encryption use case"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message