Advanced Security
Protect data in tablespaces with transparent data encryption (TDE) and dynamically redact sensitive information returned by queries. Oracle Advanced Security combines these capabilities with quantum-resistant algorithms to defend against unauthorized access, ransomware, and future threats—in one easy-to-configure solution.
2025 KuppingerCole Leadership Compass for Data Security Platforms
Discover why KuppingerCole recognized Oracle as a Leader in database security
Why Oracle Advanced Security?
Meet compliance requirements
Encrypting data at rest helps organizations comply with regulations such as EU GDPR, PCI DSS, and HIPAA by protecting sensitive information from unauthorized access. Strong encryption demonstrates proactive data security, supports audit readiness, and can reduce the impact and notification requirements in the event of a breach, enhancing both regulatory compliance and data protection.
Prevent out-of-band access to data
Use transparent data encryption to ensure data is only accessible via the database, not directly from files or backups. Strong encryption with quantum-resistant algorithms render data useless to attackers and provides protection against “harvest now, decrypt later” threats.
Prevent exposure of sensitive data
Control the ability to view sensitive data based on granular conditions, such as IP address, program used, time of day, and more, with data redaction policies.
Oracle Advanced Security features
Modern databases face threats from ransomware, insider access, and quantum computing. Advanced Security addresses all three: Transparent Data Encryption (TDE) with quantum-resistant algorithms protects data at rest against current and future threats, while Data Redaction controls what sensitive information users see in real-time—both working seamlessly within Oracle AI Database.
Transparent data encryption
TDE encrypts data transparently within Oracle AI Database, securing entire tablespaces or specific sensitive columns without requiring application logic changes. Oracle AI Database 26ai integrates cryptographic algorithms necessary to help protect your database against quantum attacks.
Flexible key management
Store TDE master keys securely in Oracle Wallet, Oracle Key Vault, or OCI Vault. Oracle Key Vault integrates with Hardware Security Modules (HSMs) to enhance security and support regulatory compliance. Centralized key management simplifies administration and enforces strong access controls. Encrypt data quickly with system-generated keys or use your own encryption keys with the bring-your-own-key (BYOK) capability.
Encrypt exports
Sensitive data exported with Data Pump can be automatically encrypted using strong cryptographic algorithms. This ensures all exported files are protected in transit and at rest, preventing unauthorized read-access even if files are intercepted or misplaced outside the secure database environment.
Encrypt backups
RMAN automatically handles TDE-encrypted backups. Depending on your backup parameters, RMAN either preserves the existing TDE encryption or applies additional backup encryption using a password-derived key. To restore encrypted backups, you'll need either the password or access to the original TDE master encryption key.
Redact data
Oracle Data Redaction dynamically modifies query result sets before they reach end users, masking or replacing sensitive data based on user roles, APEX session states, label dominance, or session context (such as IP address or time). Policies are defined in the database and enforced in real-time, ensuring sensitive information is only revealed to authorized users and applications.
Certified by enterprise applications
TDE is certified and supported for use with a wide range of Oracle and certified third-party packaged applications, helping organizations protect sensitive data in mission-critical environments while maintaining regulatory compliance.
Customer Highlight
Epsilon uses Oracle Advanced Security to encrypt customer data
“Security is a big concern to our customers, because we do have PII information. Oracle does a great job in the security area for us. We really feel like, especially as we move into the cloud, that Transparent Data Encryption gives us the ability to control that encryption process. We have the keys to our data.”
—Keith Wilcox, Vice President, Database Administration, Epsilon
Resources
Know more
- Advanced Security Datasheet (PDF)
- Encryption and Redaction with Oracle Advanced Security Technical Report (PDF)
- Advanced Security TDE FAQ (HTML)
- Advanced Security Data Redaction FAQ (HTML)
- Video: Data Redaction 101 (8:30)
- Transparent Data Encryption documentation (HTML)
- Data Redaction documentation (HTML)
AskTOM Oracle Database Security Office Hours
AskTOM Office Hours offers free, open Q&A sessions with Oracle Database experts who are eager to help you fully leverage the multitude of enterprise-strength database security tools available to your organization.
LiveLabs Workshop: Oracle Advanced Security
This workshop introduces Oracle Advanced Security’s features: Transparent data encryption (TDE) and data redaction. Explore how to configure these features to protect databases and the data contained therein. Run this workshop on your own tenancy or reserve a time to run the workshop on LiveLabs, free of charge.
Securing Oracle AI Database 26ai for the Quantum Era
Vipin Samar, Senior Vice President, Database SecurityAs quantum computing rapidly evolves, widely used cryptographic algorithms such as RSA, Diffie-Hellman, and Elliptic Curve Cryptography (ECC) are becoming increasingly vulnerable. This future but distinct possibility of breaking cryptography opens up a risk popularly known as “harvest-now/decrypt-later“. We are excited to announce that Oracle AI Database 26ai is among the first database systems to provide quantum-safe TLS for encrypting network connections. Oracle AI Database 26ai supports the use of NIST-approved AES-256 symmetric encryption algorithms, offering strong protection against both classical and quantum threats for its components.
Featured database security blogs
- October 14, 2025Celebrating 5 Years of Innovation with Oracle Audit Vault and Database Firewall (AVDF)
- October 10, 2025Oracle Key Vault: Extending deeper into your environment
- October 9, 2025Simplifying Database Security Compliance at Scale with Oracle Data Safe
- September 13, 2025Hands-on with Data Redaction enhancements in Oracle Database
- Continue ReadingSee all
Get started with Oracle database security
Try Advanced Security
Experience Advanced Security by configuring your key use cases on LiveLabs. This lab focuses on Oracle Advanced Security features such as Transparent Data Encryption (TDE) and Data Redaction. Explore how to set up these capabilities to protect your databases and sensitive data. Run this workshop in your own tenancy or reserve a time to use LiveLabs, free of charge.
Try Data Redaction on Autonomous Database
Experience the latest enhancements to Data Redaction in Oracle AI Database 26ai. This lab focuses on creating redaction policies that selectively mask sensitive information on Oracle AI Autonomous Database.
Try Data Redaction on REST results
Experience dynamic data masking in action by using Data Redaction to protect sensitive information in API requests and responses. In this lab, you’ll learn how to control data visibility and help ensure that personal and confidential information stays protected, enhancing application security and supporting compliance with standards like GDPR, HIPAA, and more.
Contact sales
Talk to a team member about Oracle Database security.