Re: Question on encryption use case

From: Lok P <loknath.73_at_gmail.com>
Date: Sun, 5 Nov 2023 10:47:21 +0530
Message-ID: <CAKna9Va2-CRH9iWiLWks2NXd=3+v=S18npk59-G+LogothYkVQ_at_mail.gmail.com>



Yes, that is an option. But then moving the data to the downstream system, do we need to also move the encryption keys to those environments for decryption? I believe that will breach the PCI requirement again?

I was wondering if anybody used TDE with HSM option, and how that will help in satisfying the PCI requirement.

On Sun, Nov 5, 2023 at 10:40 AM yudhi s <learnerdatabase99_at_gmail.com> wrote:

> I think if you don't have an option to store clear text, you may go for
> using dbms_crypto for encrypting the column itself while loading/persisting
> in your database.
>
> On Sun, Nov 5, 2023 at 2:37 AM Lok P <loknath.73_at_gmail.com> wrote:
>
>> Hello All,
>> We are using Oracle version 19C and its Exadata for most of the
>> databases.
>>
>> Creating this thread to understand how people cater to the payment
>> industry security requirement (i.e. PCI standard needs) through encryption.
>> Which is as below,
>>
>> https://www.dwt.com/blogs/financial-services-law-advisor/2022/05/payment-card-industry-data-security-standards
>>
>> As I understand it highlights that TDE is not enough as that encrypts
>> the column at storage but we need to encrypt things while storing such that
>> it won't be viewable by anybody or application users. And the key
>> management also has to happen outside the encryption/decryption zone.
>>
>> Few of the third party team members suggested using Oracle TDE with HSM
>> to cater to this PCI requirement. We are already using Oracle
>> TDE (Tablespace encryption). But hearing this (Oracle TDE with HSM) for the
>> first time, I want to check here if anybody has experience using this in
>> the past and this will really suffice the PCI standard security needs?
>>
>> Regards
>> Lok

--
http://www.freelists.org/webpage/oracle-l
Received on Sun Nov 05 2023 - 06:17:21 CET
