Re: Question on encryption use case

Anyone has any thoughts on this, usage of TDE with HSM ?

On Sun, 5 Nov, 2023, 10:47 am Lok P, <loknath.73_at_gmail.com> wrote:

> Yes, that is an option. But then moving the data to the downstream system,
> do we need to also move the encryption keys to those environments for
> decryption? I believe that will breach the PCI requirement again?
>
> I was wondering if anybody used TDE with HSM option, and how that will
> help in satisfying the PCI requirement.
>
> On Sun, Nov 5, 2023 at 10:40 AM yudhi s <learnerdatabase99_at_gmail.com>
> wrote:
>
>> I think if you don't have an option to store clear text , you may go for
>> using dbms_crypto for encrypting the column itself while loading/persisting
>> in your database.
>>
>> On Sun, Nov 5, 2023 at 2:37 AM Lok P <loknath.73_at_gmail.com> wrote:
>>
>>> Hello All,
>>> We are using Oracle version 19C and its Exadata for most of the
>>> databases.
>>>
>>> Creating this thread to understand how people cater to the payment
>>> industry security requirement (i.e. PCI standard needs) through encryption.
>>> Which is as below,
>>>
>>> https://www.dwt.com/blogs/financial-services-law-advisor/2022/05/payment-card-industry-data-security-standards
>>>
>>> As I understand it highlights that TDE is not enough as that encrypts
>>> the column at storage but we need to encrypt things while storing such that
>>> it won't be viewable by anybody or application users. And the key
>>> management also has to happen outside the encryption/decryption zone.
>>>
>>> Few of the third party team members suggested using Oracle TDE with HSM
>>> to cater to this PCI requirement. We are already using Oracle
>>> TDE(Tablespace encryption). But hearing this(Oracle TDE with HSM) for the
>>> first time, I want to check here if anybody has experience using this in
>>> the past and this will really suffice the PCI standard security needs?
>>>
>>> Regards
>>> Lok
>>>
>>>
>>>
>>>

--
http://www.freelists.org/webpage/oracle-l