oracle-db12c-logo

Transparent Data Encryption


Oracle Advanced Security Transparent Data Encryption (TDE) stops would-be attackers from bypassing the database and reading sensitive information from storage by enforcing data-at-rest encryption in the database layer. Applications and users authenticated to the database continue to have access to application data transparently (no application code or configuration changes are required), while attacks from OS users attempting to read sensitive data from tablespace files and attacks from thieves attempting to read information from acquired disks or backups are denied access to the clear text data.


TDE Overview

Out of the box, TDE provides industry standard strong encryption for the database, full key lifecycle management, and integrated support for Oracle Database tools and technologies. TDE enables encryption of database columns or entire application tablespaces. Its high-speed cryptographic operations make performance overhead negligible in most applications. The two-tier encryption key architecture provides easy administration of keys, enforces clear separation of keys from encrypted data, and provides assisted key rotation – without having to re-encrypt data. The keystore can be managed using a convenient web console in Oracle Enterprise Manager or using a command-line. In addition, TDE integrates directly with frequently used Oracle Database tools and technologies including Oracle Advanced Compression, Automatic Storage Management (ASM), Recovery Manager (RMAN), Data Pump, GoldenGate, and more. In Oracle engineered systems, TDE gets a performance boost from hardware cryptographic acceleration provided by Intel® AES-NI and Oracle SPARC T-series processors. TDE further benefits from Exadata Smart Scans, rapidly decrypting data in parallel on multiple storage cells, and from Exadata Hybrid Columnar Compression (EHCC), reducing the total number of encryption and decryption operations performed.

Transparent Data Encryption fully supports Oracle Multitenant. When moving a pluggable database (PDB) that contains encrypted data, the TDE master keys for that PDB are transferred separately from the encrypted data to maintain proper security separation during transit. TDE encryption resumes its normal operation after the PDB has been plugged in and configured.


Customer References


 Montage: Customers Discuss Using Oracle Advanced Security TDE to Encrypt Sensitive Data (Video)
 Infinity Insurance Uses Encryption and Redaction, Sees Zero Impact on Applications and No Performance Degradation (Video | Success Cast)
 Epsilon Uses TDE to Encrypt Cardholder Data and Redaction to Protect PII (Video 1 | Video 2 | Success Cast)
 Qatar Olympic Committee Deploys Database Security (Success Story)
 SuddenLink Uses Transparent Data Encryption to Encrypt HR and Customer Data (Success Cast)
 T-Mobile Encrypts Subscriber Data With Oracle Advanced Security (Video | Success Cast)
 Square Two Encrypts Sensitive Financial Data (Video | Success Cast)
 Columbia University Encrypts PeopleSoft Data With Oracle Advanced Security (Success Cast)
 TransUnion Encrypts Financial and Credit Data (Video | Magazine Article | Success Cast | Webcast)
 Serviço Federal de Processamento de Dados – Serpro Encrypts Brazilian Government Data (Success Story)
 Ross Stores Encrypts PCI and PII Data With Oracle Advanced Security (Success Cast)
 Oracle Advanced Security Helps Sabre Comply with PCI-DSS Encryption Requirements (Success Cast | iPhone)
 National Marrow Donor Program Encrypts Healthcare Data (Video)
 Educational Testing Services (ETS) Encrypts Student Data (Video | Success Story | Success Cast | Magazine Article)
 South Korean Travel Firm Hanatour Encrypts Customer Data (Success Story)
 IBI Group Encrypts Road Tolling Data for PCI DSS Compliance (Success Cast)
 Philadelphia College of Osteopathic Medicine Encrypts Healthcare Data (Success Cast)
 Korean Shilla Savings Bank Encrypts Financial Data with Transparent Data Encryption (Success Story)
 More Oracle Advanced Security Customers

Blogs


Oracle Advanced Security
Database Security Inside Out

Discussion Forums


Security
Oracle Audit Vault and Database Firewall

Technical Information


 Datasheet - Oracle Advanced Security with Oracle Database 12c
 White Paper - Encryption and Redaction in Oracle Database 12c with Oracle Advanced Security
 Documentation - Oracle Advanced Security in Oracle Database 12c
 Oracle Database 11g Release 2 - TDE Best Practices
 Oracle Database 11g Release 2 - TDE Frequently Asked Questions (FAQ)

Instructional Videos


 Demonstration - Configuring TDE and Key Management in Oracle Database 12c

Video Dramatizations


 Prescription for Disaster - Unencrypted Medical Prescription Data Is Stolen from a Pharmacy Company
 An IT Security Officer Is Given Only Three Weeks to Encrypt the Company's Oracle Data

Security Solutions


Oracle Database Vault
Oracle Advanced Security
Oracle Label Security
Oracle Audit Vault and Database Firewall
Data Masking

Security Features


Strong Authentication
Network Encryption
Real Application Security
Unified Auditing
Secure External Password Store
Virtual Private Database
Traditional Database Auditing
Proxy Authentication
Enterprise User Security
Secure Application Roles
Fine Grained Auditing


In-Memory Replay Banner