Re: TDE

From: DA Morgan <damorgan_at_psoug.org>
Date: Thu, 25 Dec 2008 21:10:02 -0800
Message-ID: <1230319660.754034@bubbleator.drizzle.com>


Christian wrote:
> Oracle TDE encrypts the data in the database so the data is secure on
> the disk and on backups. If you want network security as well, Oracle
> offers a different technology that's licensed in the same Oracle
> Advanced Security pack. I agree that encrypting content to the
> application wouldn't be practical because you'd have to change all of
> your applications and add encryption capabilities there.
>
> You should also think about where you store the encryption keys.
> Storing them in the ewallet is a little bit like leaving the key in
> the lock. I would recommend that you use an HSM to protect the keys
> (that way they won't end up on the same backup tape either). HSMs also
> include features to separate the duties between database and security
> administration. It's not that you should distrust database
> administrators - in heavily regulated environments most of us work in,
> you need to show that you have internal controls in place to ensure
> that no one person has the power to the entire system.

If anyone wants to actually see TDE at work, use it with an external table. I have a demo here:
http://www.psoug.org/reference/tde.html

-- 
Daniel A. Morgan
Oracle Ace Director & Instructor
University of Washington
damorgan_at_x.washington.edu (replace x with u to respond)
Puget Sound Oracle Users Group
www.psoug.org
Received on Thu Dec 25 2008 - 23:10:02 CST
