Re: Oracle 11g Advanced Security Option

• From: "Stefan Knecht" <knecht.stefan@xxxxxxxxx>
• To: regdba@xxxxxxxxx
• Date: Thu, 4 Dec 2008 23:10:49 +0100

AFAIK ASO has always been an option to the enterprise edition - and
therefore subject to additional license cost.

There's several ways of doing encryption inside the database:

- Application-level encryption
You leave the encryption (and key management) to the application

- DBMS_CRYPTO (formerly DBMS_OBFUSCATION_TOOLKIT)
Sort of an intermediate solution. The database does the encryption for you,
but you need to manage the keys

- ASO
IMHO the easiest solution, and probably also the most reliable one (from a
security point of view), and with encryptable tablespaces (new in 11g) also
the one that will have the least impact to your performance.

You should check with your application folks what is possible for you. ASO
works good, and it's used by several clients of mine (the 10gr2 version of
it, encrypting columns, not tablespaces) -- but you need to make sure you
can take the performance implications of this feature in your environment.

Stefan



=========================

Stefan P Knecht
Senior Consultant
Systems Engineering

OPITZ CONSULTING Schweiz GmbH
Seestrasse 97
CH-8800 Thalwil

Mobile +41-79-571 36 27
stefan.knecht@xxxxxxxxxxxxxxxxxxx
http://www.opitz-consulting.ch

OCP 9i/10g SCSA SCNA
=========================


On Thu, Dec 4, 2008 at 10:17 PM, Peter Barnett <regdba@xxxxxxxxx> wrote:

> Is anyone using this product?  We have a need to encrypt one column in a
> table for compliance reasons.  It looks like 9i or 10g TDE would do the job
> for us but we build applications at the highest release available which is
> 11g.  The quandry is that in 11g this appears to now be a separately
> licensed product.
>
> If anyone has any real world experience with ASO I would appreciate hearing
> about it.  It sure seems like a lot of money to encrypt one column.  On the
> other hand, one of our competitors had a laptop with unencrypted PII stolen
> and it ended up costing them millions so, it may actually be pretty cheap.
>
> Thanks in advance.
>
> Pete Barnett
> Database Technologies Lead
> Regence
>
>
>
> --
> //www.freelists.org/webpage/oracle-l
>
>
>

• References:
  • Oracle 11g Advanced Security Option
    • From: Peter Barnett

Other related posts:

• » Oracle 11g Advanced Security Option- Peter Barnett
• » Re: Oracle 11g Advanced Security Option - Stefan Knecht

1. Home
2. oracle-l
3. Archive
4. 12-2008

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---