Thanks Job. Sometimes marketing team presents the stuff in such a way that manager thinks that there are tools provided by oracle that can do all without moving the environment. I never look to Oracle Data Masking Pack and will surely check it Sanjay ________________________________ From: Job Miller <jobmiller@xxxxxxxxx> To: oracle-l@xxxxxxxxxxxxx; smishra_97@xxxxxxxxx Sent: Thu, May 6, 2010 9:08:13 PM Subject: Re: PCI/SOX Datagase environment the Oracle Data Masking solution requires you "clone" production first because it masks the data in the database. You clone and mask in that order. if you masked first, you just scrambled your production data. <quote> Unlike traditional masking processes that are typically slow, Oracle Data Masking Pack uses highly efficient parallelized bulk operations to replace the original sensitive data with masked data. Because the entire data masking process is done in place, enterprises can be assured of a greater sense of security knowing that the sensitive data would never leave the database during the masking process. </quote> it is done in place, which means it operates on an already existing clone. <quote> Oracle Data Masking Pack is also integrated with Oracle Provisioning and Patch Automation Pack in Oracle Enterprise Manager to clone-and-mask via a single workflow. The secure high performance nature of Oracle Data Masking combined with the end-to-end workflow ensures that enterprise can provision test systems from production rapidly instead of days or weeks that it would with separate manual processes. </quote> maybe your security manager got confused by oracle marketing and thought secure masking meant the data wasn't moved before masking. Oracle says it doesn't require moving your data off to some other server to scrub it.. it does it "in place" in the clone. hope that helps. Job --- On Thu, 5/6/10, Sanjay Mishra <smishra_97@xxxxxxxxx> wrote: >From: Sanjay Mishra <smishra_97@xxxxxxxxx> >Subject: PCI/SOX Datagase environment >To: oracle-l@xxxxxxxxxxxxx >Date: Thursday, May 6, 2010, 5:25 PM > > >Hi > >I had one PCI/Sox Oracle Ebusiness Suite environment. I had to refresh QA >environment which was done few time earlier but due to new security Manager, >he stopped and told that I can only be able to refresh if I can first Masked >the data in Prod and then move the Data to QA and make sure the secure data is >either not moved to scrumbled before moving to QA > >Data in Prod is already encrypted but he ask for some Oracle Solution to mask >the data before moving to QA. I told that Data is already envrypted and I can >do more required masking afer it is moved to QA and before handing to the >user. But it is not acceptable and looking for Oracle Solution > >So I am sure several Great DBA in this group are in such kind of secure >environemnt and want to know how it was handled. >1. Is it possible to use any Oracle Security tool to make it happen in >Production before moving the Db Backup to QA >2. Any document provided by Oracle to handle such senario > >Any comments or Links is very appreciated > > >TIA >Sanjay >