Data Redaction

UPDATE: In addition to Oracle Database 12c, Data Redaction is now available on Oracle Database 11g Release 2. To get started, download the patch set from My Oracle Support.

Oracle Advanced Security Data Redaction provides selective, on-the-fly redaction of sensitive data in SQL query results prior to display by applications so that unauthorized users cannot view the sensitive data. It enables consistent redaction of database columns across application modules accessing the same database information. Data Redaction minimizes changes to applications because it does not alter actual data in internal database buffers, caches, or storage, and it preserves the original data type and formatting when transformed data is returned to the application. Data Redaction has no impact on database operational activities such as backup and restore, upgrade and patch, and high availability clusters. Unlike historical approaches that require making changes to applications or proxying components of the database, Data Redaction policies are enforced directly in the database kernel, resulting in tighter security and better performance.

Data Redaction Overview

Declarative redaction policies can apply different data transformations such as partial, random, and full redaction. Data Redaction can be applied conditionally, based on different factors that are tracked by the database or passed to the database by applications, such as user identifiers, application identifiers, or client IP addresses. A redaction format library provides pre-configured column templates to choose from for common types of sensitive information such as credit card numbers and national identification numbers. Once enabled, redaction policies are enforced immediately, even for active sessions.
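The following is an added example, not taken from Oracle's page: one way to declare such a policy with the DBMS_REDACT package, combining partial (format library), random, and full redaction under a single condition. The schema APP, table CUSTOMERS, its columns, the policy name, and the user CC_SUPERVISOR are hypothetical.

```sql
-- Added example. Hypothetical objects: schema APP, table CUSTOMERS with
--   SSN VARCHAR2(11) stored as 'NNN-NN-NNNN',
--   CARD_NO VARCHAR2(19) stored as 'NNNN-NNNN-NNNN-NNNN',
--   BIRTH_DATE DATE, CREDIT_LIMIT NUMBER,
-- and a database user CC_SUPERVISOR who is allowed to see real values.
BEGIN
  -- Create the policy: condition plus the first redacted column.
  -- Redaction is applied whenever the expression evaluates to TRUE.
  DBMS_REDACT.ADD_POLICY(
    object_schema       => 'APP',
    object_name         => 'CUSTOMERS',
    policy_name         => 'REDACT_CUSTOMER_PII',
    column_name         => 'SSN',
    function_type       => DBMS_REDACT.PARTIAL,
    function_parameters => DBMS_REDACT.REDACT_US_SSN_F5,   -- XXX-XX-1234
    expression          => q'[SYS_CONTEXT('USERENV','SESSION_USER') <> 'CC_SUPERVISOR']');

  -- A table carries one policy; further columns are added to it.
  DBMS_REDACT.ALTER_POLICY(
    object_schema       => 'APP',
    object_name         => 'CUSTOMERS',
    policy_name         => 'REDACT_CUSTOMER_PII',
    action              => DBMS_REDACT.ADD_COLUMN,
    column_name         => 'CARD_NO',
    function_type       => DBMS_REDACT.PARTIAL,
    function_parameters => DBMS_REDACT.REDACT_CCN16_F12);  -- ****-****-****-1234

  DBMS_REDACT.ALTER_POLICY(
    object_schema => 'APP', object_name => 'CUSTOMERS',
    policy_name   => 'REDACT_CUSTOMER_PII',
    action        => DBMS_REDACT.ADD_COLUMN,
    column_name   => 'BIRTH_DATE',
    function_type => DBMS_REDACT.RANDOM);   -- random value of the same type

  DBMS_REDACT.ALTER_POLICY(
    object_schema => 'APP', object_name => 'CUSTOMERS',
    policy_name   => 'REDACT_CUSTOMER_PII',
    action        => DBMS_REDACT.ADD_COLUMN,
    column_name   => 'CREDIT_LIMIT',
    function_type => DBMS_REDACT.FULL);     -- NUMBER columns return 0 by default
END;
/
-- Review what is redacted and who is exempt from every redaction policy.
SELECT column_name, function_type, function_parameters
  FROM redaction_columns
 WHERE object_owner = 'APP' AND object_name = 'CUSTOMERS';

SELECT grantee FROM dba_sys_privs WHERE privilege = 'EXEMPT REDACTION POLICY';
```

The second query belongs in any periodic review: accounts holding EXEMPT REDACTION POLICY always receive the actual column values, whatever the policy expression says.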

Data Redaction fully supports Oracle Multitenant. When moving a pluggable database (PDB) that has redaction policies, the policies transfer directly to the new multitenant container database as part of the PDB. Redaction resumes its normal operation after the PDB has been plugged in and configured.

Customer References

 Montage: Customers Discuss Using Data Redaction to Limit Exposure of Sensitive Data in Their Applications (Video)
 Infinity Insurance Uses Encryption and Redaction, Sees Zero Impact on Applications and No Performance Degradation (Video | Success Cast)
 Epsilon Uses TDE to Encrypt Cardholder Data and Redaction to Protect PII (Video 1 | Video 2 | Success Cast)
 Neustar Leverages TDE and Data Redaction to Protect SaaS Analytical Application Data (Success Story)
 Sabre Discusses Using Data Redaction to Conceal Traveler Data (Video)

Technical Information

 Datasheet - Oracle Advanced Security with Oracle Database 12c
 White Paper - Encryption and Redaction in Oracle Database 12c with Oracle Advanced Security
 Documentation - Oracle Advanced Security in Oracle Database 12c
 Example of Setting Up Data Redaction (Oracle Magazine, Jan 2014, Arup Nanda)

Instructional Videos

 Demonstration - Configuring Data Redaction for a Sample Call Center Application
 OpenWorld 2014 Session on Oracle Advanced Security (OU Streams Video)
 OpenWorld 2014 Live: Data Redaction on Oracle BigData/Hadoop (Thomas Kurian Keynote, 23rd minute; Andy Mendelsohn Keynote, 55th minute)

Video Dramatizations

 Shedding Light on Security - An IT Team Discovers How Data Redaction Can Conceal PII Data in Their Call Center Application