Re: Question on encryption use case

From: Rajeev Prabhakar <rprabha01_at_gmail.com>
Date: Wed, 8 Nov 2023 05:22:55 -0500
Message-ID: <BD352CFA-8A7D-49DD-91D5-602C82D61482_at_edison.tech>

Lok,

From what I know, for PCI data protection related compliance there are at least two requirements:

  a. protect stored cardholder data &
  b. encrypt transmission of cardholder data.

As regards "but we need to encrypt things while storing such that it won't be viewable by anybody or application users", it seems to me that you are talking about requirement "b" listed above.

If that's correct & if you aren't already using it, please incorporate TLS (not SSL) to encrypt control and management plane communications.

Regards,
Rajeev

> On Nov 8, 2023 at 1:41 AM, Lok P <loknath.73_at_gmail.com> wrote:
>
> Does anyone have any thoughts on this, the usage of TDE with HSM?
>
> On Sun, 5 Nov, 2023, 10:47 am Lok P, <loknath.73_at_gmail.com> wrote:
>
> > Yes, that is an option. But then, moving the data to the downstream system, do we need to also move the encryption keys to those environments for decryption? I believe that will breach the PCI requirement again?
> >
> > I was wondering if anybody has used TDE with the HSM option, and how that will help in satisfying the PCI requirement.
> >
> > On Sun, Nov 5, 2023 at 10:40 AM yudhi s <learnerdatabase99_at_gmail.com> wrote:
> >
> > > I think if you don't have an option to store clear text, you may go for using dbms_crypto for encrypting the column itself while loading/persisting in your database.
> > >
> > > On Sun, Nov 5, 2023 at 2:37 AM Lok P <loknath.73_at_gmail.com> wrote:
> > >
> > > > Hello All,
> > > > We are using Oracle version 19c and its Exadata for most of the databases.
> > > >
> > > > Creating this thread to understand how people cater to the payment industry security requirement (i.e. PCI standard needs) through encryption, which is as below:
> > > >
> > > > https://www.dwt.com/blogs/financial-services-law-advisor/2022/05/payment-card-industry-data-security-standards
> > > >
> > > > As I understand it, it highlights that TDE is not enough, as that encrypts the column at storage, but we need to encrypt things while storing such that it won't be viewable by anybody or application users. And the key management also has to happen outside the encryption/decryption zone.
> > > >
> > > > A few of the third-party team members suggested using Oracle TDE with HSM to cater to this PCI requirement. We are already using Oracle TDE (tablespace encryption). But hearing this (Oracle TDE with HSM) for the first time, I want to check here if anybody has experience using this in the past and whether this will really suffice for the PCI standard security needs?
> > > >
> > > > Regards
> > > > Lok
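Added example, not code from any poster in this thread: the pattern yudhi s points at, application-managed column encryption with DBMS_CRYPTO, where the key is handed in by the calling application (which would fetch it from an external KMS/HSM) and is never stored in a table or in the package. The package name, the PAN column and the test key are assumptions made for the example. DBMS_CRYPTO offers no authenticated mode, so the block pairs AES-256-CBC with an HMAC-SHA256 tag over IV and ciphertext (encrypt-then-MAC); the stored value is IV(16) || ciphertext || tag(32). The schema running it needs EXECUTE on DBMS_CRYPTO, and the usage block needs SET SERVEROUTPUT ON to show its output.

```sql
-- Added example (not from the thread): application-managed column encryption
-- with DBMS_CRYPTO. AES-256-CBC, PKCS#5 padding, fresh random IV per value,
-- then HMAC-SHA256 over IV || ciphertext, because DBMS_CRYPTO has no AEAD mode.
-- Stored layout: IV(16) || ciphertext || tag(32).
-- p_key is 64 bytes: AES key (32) || HMAC key (32). It is supplied by the
-- application, which obtains it from an external KMS/HSM; nothing here
-- persists it. Package name is an assumption for the example.
CREATE OR REPLACE PACKAGE pan_crypto AS
  FUNCTION encrypt_pan(p_pan IN VARCHAR2, p_key IN RAW) RETURN RAW;
  FUNCTION decrypt_pan(p_blob IN RAW, p_key IN RAW) RETURN VARCHAR2;
END pan_crypto;
/

CREATE OR REPLACE PACKAGE BODY pan_crypto AS
  c_mode    CONSTANT PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_AES256
                                  + DBMS_CRYPTO.CHAIN_CBC
                                  + DBMS_CRYPTO.PAD_PKCS5;
  c_iv_len  CONSTANT PLS_INTEGER := 16;  -- AES block size
  c_tag_len CONSTANT PLS_INTEGER := 32;  -- HMAC-SHA256 output length

  PROCEDURE check_key(p_key IN RAW) IS
  BEGIN
    IF p_key IS NULL OR UTL_RAW.LENGTH(p_key) <> 64 THEN
      RAISE_APPLICATION_ERROR(-20001, 'expected 64-byte key (AES-256 || HMAC)');
    END IF;
  END check_key;

  FUNCTION encrypt_pan(p_pan IN VARCHAR2, p_key IN RAW) RETURN RAW IS
    l_aes_key RAW(32);
    l_mac_key RAW(32);
    l_iv      RAW(16);
    l_ct      RAW(2000);
    l_tag     RAW(32);
  BEGIN
    check_key(p_key);
    l_aes_key := UTL_RAW.SUBSTR(p_key, 1, 32);
    l_mac_key := UTL_RAW.SUBSTR(p_key, 33, 32);
    l_iv := DBMS_CRYPTO.RANDOMBYTES(c_iv_len);          -- never reuse an IV
    l_ct := DBMS_CRYPTO.ENCRYPT(
              src => UTL_I18N.STRING_TO_RAW(p_pan, 'AL32UTF8'),
              typ => c_mode, key => l_aes_key, iv => l_iv);
    -- tag covers IV || ciphertext so a tampered IV is detected as well
    l_tag := DBMS_CRYPTO.MAC(src => UTL_RAW.CONCAT(l_iv, l_ct),
                             typ => DBMS_CRYPTO.HMAC_SH256, key => l_mac_key);
    RETURN UTL_RAW.CONCAT(l_iv, l_ct, l_tag);
  END encrypt_pan;

  FUNCTION decrypt_pan(p_blob IN RAW, p_key IN RAW) RETURN VARCHAR2 IS
    l_len     PLS_INTEGER;
    l_aes_key RAW(32);
    l_mac_key RAW(32);
    l_iv      RAW(16);
    l_ct      RAW(2000);
    l_tag     RAW(32);
  BEGIN
    check_key(p_key);
    l_len := UTL_RAW.LENGTH(p_blob);
    IF l_len < c_iv_len + 16 + c_tag_len THEN  -- at least one padded block
      RAISE_APPLICATION_ERROR(-20002, 'ciphertext too short');
    END IF;
    l_aes_key := UTL_RAW.SUBSTR(p_key, 1, 32);
    l_mac_key := UTL_RAW.SUBSTR(p_key, 33, 32);
    l_iv  := UTL_RAW.SUBSTR(p_blob, 1, c_iv_len);
    l_ct  := UTL_RAW.SUBSTR(p_blob, c_iv_len + 1, l_len - c_iv_len - c_tag_len);
    l_tag := UTL_RAW.SUBSTR(p_blob, l_len - c_tag_len + 1, c_tag_len);
    -- verify the tag before touching the ciphertext; UTL_RAW.COMPARE returns
    -- 0 when equal (it is not a constant-time comparison)
    IF UTL_RAW.COMPARE(
         DBMS_CRYPTO.MAC(src => UTL_RAW.CONCAT(l_iv, l_ct),
                         typ => DBMS_CRYPTO.HMAC_SH256, key => l_mac_key),
         l_tag) <> 0 THEN
      RAISE_APPLICATION_ERROR(-20003, 'authentication tag mismatch');
    END IF;
    RETURN UTL_I18N.RAW_TO_CHAR(
             DBMS_CRYPTO.DECRYPT(src => l_ct, typ => c_mode,
                                 key => l_aes_key, iv => l_iv),
             'AL32UTF8');
  END decrypt_pan;
END pan_crypto;
/

-- Usage. The key comes from the application session; here it is a constructed
-- per-run test key, a real one is fetched from the KMS/HSM at call time.
DECLARE
  l_key RAW(64) := DBMS_CRYPTO.RANDOMBYTES(64);   -- constructed test key
  l_enc RAW(2000);
BEGIN
  l_enc := pan_crypto.encrypt_pan('4111111111111111', l_key);
  DBMS_OUTPUT.PUT_LINE('stored:    ' || RAWTOHEX(l_enc));
  DBMS_OUTPUT.PUT_LINE('decrypted: ' || pan_crypto.decrypt_pan(l_enc, l_key));
END;
/
```

With this layout a SELECT on the column, a data-pump export or a replication to a downstream system carries only IV, ciphertext and tag; a consumer can read the value only if it is separately given the 64-byte key, so the decision of which downstream environments may see cleartext becomes a decision about who is issued the key rather than about the data copy. Random-IV CBC also means two identical PANs produce different stored values, so the column cannot be used for equality joins; keep a separate HMAC or token column if lookups by PAN are needed.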

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Nov 08 2023 - 11:22:55 CET
