Re: Oracle Vault?
- From: "Stefan Knecht" <knecht.stefan@xxxxxxxxx>
- To: Jay.Miller@xxxxxxxxxxxxxxxx
- Date: Sat, 8 Sep 2007 10:39:51 +0200
Jay I've recently set up an environment for just that purpose. What you're looking at is several important factors, to get as close as possible to prevent a dba from accessing the important data: - Separation of duties (once a DBA has got a shell as oracle software owner, your data can be viewed) - Use database vault to protect the sensitive data with a realm from direct access - Use TDE (transparent data encryption) to prevent a dba from restoring a backup, doing block dumps etc. The biggest "performance impact" you'll probably hit by the separation of duties ;-) TDE might also cost you some extra CPU, but you'd have to benchmark it in your environment. The Vault shouldn't do all that much to performance, but again, benchmark it to see if it works for you. Also, the vault isn't perfect. A lot of things don't work out of the box -- it's a very new product after all. I'll have a presentation on just this topic at SIOUG at the end of september. Once I'm done with it I can mail it your way if you're interested. Stefan On 9/7/07, Jay.Miller@xxxxxxxxxxxxxxxx <Jay.Miller@xxxxxxxxxxxxxxxx> wrote: > > Has anyone used this product and be able to comment on any performance > overhead involved? We're looking at means of encrypting senstive > information so sys/system accounts can't see it. > > > > -- ========================= Stefan P Knecht Consultant Infrastructure Managed Services Trivadis AG Europa-Strasse 5 CH-8152 Glattbrugg Phone +41-44-808 70 20 Fax +41-808 70 12 Mobile +41-79-571 36 27 stefan.knecht@xxxxxxxxxxxx http://www.trivadis.com OCP SCSA SCNA =========================
- Oracle Vault?
- From: Jay.Miller
- Oracle Vault?
Other related posts:
- » Oracle Vault?
- » Re: Oracle Vault?