Re: Oracle Vault?

  • From: "Stefan Knecht" <knecht.stefan@xxxxxxxxx>
  • To: Jay.Miller@xxxxxxxxxxxxxxxx
  • Date: Sat, 8 Sep 2007 10:39:51 +0200

Jay

I've recently set up an environment for just that purpose.

What you're looking at is several important factors, to get as close as
possible to preventing a DBA from accessing the important data:

- Separation of duties (once a DBA has got a shell as oracle software owner,
your data can be viewed)
- Use database vault to protect the sensitive data with a realm from direct
access
- Use TDE (transparent data encryption) to prevent a dba from restoring a
backup, doing block dumps etc.

The biggest "performance impact" you'll probably hit is from the separation of
duties ;-) TDE might also cost you some extra CPU, but you'd have to
benchmark it in your environment. The Vault shouldn't do all that much to
performance, but again, benchmark it to see if it works for you.

Also, the vault isn't perfect. A lot of things don't work out of the box --
it's a very new product after all. I'll have a presentation on just this
topic at SIOUG at the end of September. Once I'm done with it I can mail it
your way if you're interested.

Stefan




On 9/7/07, Jay.Miller@xxxxxxxxxxxxxxxx <Jay.Miller@xxxxxxxxxxxxxxxx> wrote:
>
>  Has anyone used this product and been able to comment on any performance
> overhead involved?  We're looking at means of encrypting sensitive
> information so sys/system accounts can't see it.
>
>
>
>



-- 
=========================

Stefan P Knecht
Consultant
Infrastructure Managed Services

Trivadis AG
Europa-Strasse 5
CH-8152 Glattbrugg

Phone +41-44-808 70 20
Fax +41-808 70 12
Mobile +41-79-571 36 27
stefan.knecht@xxxxxxxxxxxx
http://www.trivadis.com

OCP SCSA SCNA
=========================
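
The realm and TDE controls listed in the reply above, written out as an added example that is not part of the original post or of Oracle's or Trivadis' material. The schema HR_APP, table CUSTOMERS, column SSN and the realm name are hypothetical, the wallet password is a placeholder, and the syntax assumes Oracle 10gR2/11g with Database Vault installed.

```sql
-- Constructed example: HR_APP.CUSTOMERS(SSN) and the realm name are hypothetical.

-- 1) TDE, run by the security officer who holds the wallet password
--    (separation of duties: not the DBA). This creates the master key.
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "<wallet-password-placeholder>";

-- Encrypt the sensitive column so datafiles, backups and block dumps
-- hold ciphertext. TDE decrypts transparently for any session that is
-- allowed to query the table, so it does not stop SELECT ANY TABLE;
-- the realm in step 2 covers that path.
ALTER TABLE hr_app.customers MODIFY (ssn ENCRYPT USING 'AES256');

-- 2) Database Vault realm, run as the Database Vault owner account
--    (DV_OWNER role), again not as a DBA.
BEGIN
  DVSYS.DBMS_MACADM.CREATE_REALM(
    realm_name    => 'Customer Data Realm',
    description   => 'Blocks ANY-privilege access to HR_APP objects',
    enabled       => DVSYS.DBMS_MACUTL.G_YES,
    audit_options => DVSYS.DBMS_MACUTL.G_REALM_AUDIT_FAIL);

  -- Put every object in the schema inside the realm.
  DVSYS.DBMS_MACADM.ADD_OBJECT_TO_REALM(
    realm_name   => 'Customer Data Realm',
    object_owner => 'HR_APP',
    object_name  => '%',
    object_type  => '%');

  -- Only the application owner is authorized in the realm.
  DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM(
    realm_name   => 'Customer Data Realm',
    grantee      => 'HR_APP',
    auth_options => DVSYS.DBMS_MACUTL.G_REALM_AUTH_OWNER);
END;
/

-- 3) Verification from a SYSTEM session: with the realm enabled this
--    query is expected to be rejected as a realm violation and audited.
SELECT ssn FROM hr_app.customers WHERE ROWNUM = 1;
```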
