RE: Encryption
- From: Sallie Cottingham <Sallie.Cottingham@xxxxxxxxxx>
- To: Kellyn Pot'Vin-Gorman <dbakevlar@xxxxxxxxx>, Beckstrom Jeffrey <jbeckstrom@xxxxxxxxx>
- Date: Tue, 17 Mar 2020 17:09:48 +0000
Thanks everyone for the feedback! I had been researching TDE and thought it
was what I needed but wanted to get input from folks who had actually done it.
From: Kellyn Pot'Vin-Gorman <dbakevlar@xxxxxxxxx>
Sent: Tuesday, March 17, 2020 11:44 AM
To: Beckstrom Jeffrey <jbeckstrom@xxxxxxxxx>
Cc: Sallie Cottingham <Sallie.Cottingham@xxxxxxxxxx>; Clay Jackson (cjackson)
<Clay.Jackson@xxxxxxxxx>; oracle-l-freelist <oracle-l@xxxxxxxxxxxxx>
Subject: Re: Encryption
Hi Sallie,
"What Jeff said" for your solution. TDE and obfuscation is the most modern and
reliable choice for your Oracle database challenge if you want to stay with an
Oracle product. There are other products on the market that can do this as
well.
Kellyn Pot'Vin-Gorman
DBAKevlar Blog<http://dbakevlar.com>
about.me/dbakevlar<http://about.me/dbakevlar>
On Tue, Mar 17, 2020 at 9:25 AM Jeffrey Beckstrom
<jbeckstrom@xxxxxxxxx<mailto:jbeckstrom@xxxxxxxxx>> wrote:
Transparent Data Encryption will encrypt the data at rest (on disk). If you
want to encrypt it in memory as well then you would need to use the
DBMS_OBFUSCATION package to encrypt and decrpt the data in your sql.
Jeffrey Beckstrom
Lead Database Administrator
Information Technology Department
Greater Cleveland Regional Transit Authority
1240 W. 6th Street
Cleveland, Ohio 44113
"Clay Jackson (cjackson)"
<Clay.Jackson@xxxxxxxxx<mailto:Clay.Jackson@xxxxxxxxx>> 3/17/20 12:11 PM >>>
Hi, Sallie - in my last “real” DBA job, before I moved to Quest and started
doing Sales Engineering stuff; we used Virtual Private Database for just
exactly the same type of thing you outlined.
We had one column in one table that contained a Tax ID number, and needed to
protect it. VPD was the easiest solution for us.
I might have some examples, or be able to come up with something when I’m back
in my (home) office later today.
At least then (Oracle 11), it did require Advanced Security.
Sent from my iPhone
Clay Jackson
Quest Software
On Mar 17, 2020, at 7:30 AM, Sallie Cottingham
<Sallie.Cottingham@xxxxxxxxxx<
mailto:Sallie.Cottingham@xxxxxxxxxx>> wrote:
CAUTION: This email originated from outside of the organization. Do not follow
guidance, click links, or open attachments unless you recognize the sender and
know the content is safe.
What are your thoughts/experiences with encryption?
We have one very old database that stores SSN in several tables (did I say it
is old and definitely not normalized?). The system is currently being
rewritten but in the meantime, we are looking to see Oracle options for
encryption. In your experiences how have you handled just one element
encryption or one element in several locations?
I’m also assuming this will require an additional license – is that correct?
Sallie Cottingham
Database Administrator
Comptroller of the Treasury
Technology Solutions
425 Fifth Avenue North
Nashville, TN 37243-34001
sallie.Cottingham@xxxxxxxxxx<
mailto:sallie.Cottingham@xxxxxxxxxx>
615-401-7962
<
https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fforms.office.com%2FPages%2FResponsePage.aspx%3Fid%3D2LIbXg4PBUmsyXNR-FBv9vKJmJb3wIJGtlfwguW_b_tUOENWVkxEUUZOT0pHS00xSk1NVzZZSDBVRy4u&data=02%7C01%7Cclay.jackson%40quest.com%7C87f172e4b6534957b4c808d7ca7fb028%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637200522078453373&sdata=jWLSIC%2Ft6LMjQugQxAlTRGXjkzXIDiQnB5k9dk%2BMfmE%3D&reserved=0>
<image001.png><
https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fforms.office.com%2FPages%2FResponsePage.aspx%3Fid%3D2LIbXg4PBUmsyXNR-FBv9vKJmJb3wIJGtlfwguW_b_tUOENWVkxEUUZOT0pHS00xSk1NVzZZSDBVRy4u&data=02%7C01%7Cclay.jackson%40quest.com%7C87f172e4b6534957b4c808d7ca7fb028%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637200522078453373&sdata=jWLSIC%2Ft6LMjQugQxAlTRGXjkzXIDiQnB5k9dk%2BMfmE%3D&reserved=0>
Other related posts: