
Transparent Data Encryption

Oracle Database 11g Transparent Data Encryption, introduced with Oracle Database 10gR2 as a component of the Advanced Security Option, supports your PCI compliance efforts by transparently encrypting data when it is written to disk and decrypting it when it is read back to the authorized user. Applications don't have to be modified, and authorized users won't even notice the fact that the data has been encrypted on the storage media.
"I wouldn't trust the encryption of our content to anything or anyone else"
Andy Barrett, CTO Yuntaa NV

New in Oracle Database 11g: TDE tablespace encryption

TDE tablespace encryption makes stored data encryption even easier: Without any storage increase, define a tablespace as 'encrypted' and use it to store your sensitive data; the limitations of TDE column encryption in terms of foreign keys, range scans and unsupported data types don't apply anymore. There are no functional differences between clear-text and encrypted tablespaces; even execution plans don't change.
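
The steps described above, as an added example that is not taken from the original page: it creates an encrypted tablespace on Oracle Database 11g, moves a table into it, and then checks that nothing in the schema is still stored in clear text. The tablespace name, datafile path, schema `APP_OWNER`, table and index names and the wallet password are placeholders assumed for illustration.

```sql
-- Added example; all object names, paths and the password are placeholders.

-- 1. Check the wallet that holds the TDE master key. STATUS must be OPEN
--    before an encrypted tablespace can be created or read.
SELECT wrl_type, wrl_parameter, status
  FROM v$encryption_wallet;

-- 2. Run once if no master key exists yet: creates the wallet (if absent),
--    generates the master key and leaves the wallet open.
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "<wallet_password>";

-- 3. Define the tablespace as encrypted. Every block written to its
--    datafiles is encrypted; no per-column settings are needed.
CREATE TABLESPACE secure_data
  DATAFILE '/u01/app/oracle/oradata/ORCL/secure_data01.dbf' SIZE 100M
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

-- 4. Relocate existing sensitive data. MOVE marks the table's indexes
--    UNUSABLE, so rebuild them, and place them in the encrypted tablespace
--    too (index blocks contain copies of the indexed column values).
--    The old clear-text blocks stay in the source datafile until overwritten.
ALTER TABLE app_owner.card_payments MOVE TABLESPACE secure_data;
ALTER INDEX app_owner.card_payments_pk REBUILD TABLESPACE secure_data;

-- 5. Confirm the tablespace is encrypted and with which algorithm.
SELECT t.name, e.encryptionalg, e.encryptedts
  FROM v$tablespace t
  JOIN v$encrypted_tablespaces e ON e.ts# = t.ts#;

-- 6. Audit check: list every segment of the schema that still lives in a
--    clear-text tablespace. An empty result is the goal.
SELECT s.owner, s.segment_name, s.segment_type, s.tablespace_name
  FROM dba_segments s
  JOIN dba_tablespaces ts ON ts.tablespace_name = s.tablespace_name
 WHERE s.owner = 'APP_OWNER'
   AND ts.encrypted = 'NO'
 ORDER BY s.segment_type, s.segment_name;
```

The query in step 6 can be rerun after each schema change, since a new table or index created without an explicit tablespace lands in the owner's default tablespace, which may not be the encrypted one.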

The following Oracle Applications are certified with Oracle Advanced Security TDE tablespace encryption in Oracle Database 11gR1:
  • Oracle E-Business Suite 11i (OracleMetaLink note 828223.1)
  • Oracle PeopleSoft Enterprise
  • Oracle Siebel CRM
  • Oracle JD Edwards EnterpriseOne

New in Oracle Database 11g: Hardware Security Module support

For centralized key storage and high assurance key protection, TDE can be configured to work with network based Hardware Security Modules (HSM). RSA, SafeNet (incl. Ingrian) and Thales (incl. nCipher) have certified their HSM devices to provide key management for the Oracle TDE master encryption key.

New in Oracle Database 11g: 'SecureFile' LOB encryption

Sensitive documents (contracts, X-ray images etc.) are often scanned and stored electronically. Now they can benefit from the increased security of the Oracle Database: The new 'SecureFile' LOB in Oracle Database 11g can be encrypted.


For backward compatibility, both the DBMS_OBFUSCATION_TOOLKIT and the newer, more powerful DBMS_CRYPTO package are still available with Oracle Database 11g.

While data encryption should not be used as a substitute for access control, storing data encrypted does provide an additional layer of protection on storage media, including export files created with Oracle Data Pump, backups generated with Oracle RMAN or Oracle Secure Backup. This helps protect sensitive data such as credit card numbers in the event of media theft. Media theft can occur due to poor physical security, operating system configuration or backup processes.


Technical Information

Transparent Data Encryption Best Practices
Frequently Asked Questions
Technical White Paper
Datasheet

Hands-On:

Using Transparent Data Encryption
 