Lok,
From what I know, for PCI data protection related compliance there are at least two requirements:
a) protect stored cardholder data &
b) encrypt transmission of cardholder data.
As regards “but we need to encrypt things while storing such that it won't be viewable by anybody or application users”, it seems to me that you are talking about requirement “b” listed above.
If that’s correct & if you aren’t already using it, please incorporate TLS (not SSL) to encrypt control and management plane communications.
Regards,
Rajeev
On Nov 8, 2023 at 1:41 AM, Lok P <loknath.73@xxxxxxxxx> wrote:
Does anyone have any thoughts on this, usage of TDE with HSM?
On Sun, 5 Nov, 2023, 10:47 am Lok P <loknath.73@xxxxxxxxx> wrote:
Yes, that is an option. But then moving the data to the downstream system,
do we need to also move the encryption keys to those environments for
decryption? I believe that will breach the PCI requirement again?
I was wondering if anybody used TDE with HSM option, and how that will
help in satisfying the PCI requirement.
On Sun, Nov 5, 2023 at 10:40 AM yudhi s <learnerdatabase99@xxxxxxxxx> wrote:
I think if you don't have an option to store clear text, you may go
for using dbms_crypto for encrypting the column itself while
loading/persisting in your database.
On Sun, Nov 5, 2023 at 2:37 AM Lok P <loknath.73@xxxxxxxxx> wrote:
Hello All,
We are using Oracle version 19C and its Exadata for most of the
databases.
Creating this thread to understand how people cater to the payment
industry security requirement (i.e. PCI standard needs) through
encryption. Which is as below,
https://www.dwt.com/blogs/financial-services-law-advisor/2022/05/payment-card-industry-data-security-standards
As I understand, it highlights that TDE is not enough as that
encrypts the column at storage but we need to encrypt things while
storing such that it won't be viewable by anybody or application users.
And the key management also has to happen outside the
encryption/decryption zone.
A few of the third-party team members suggested using Oracle TDE with HSM
to cater to this PCI requirement. We are already using Oracle
TDE (Tablespace encryption). But hearing this (Oracle TDE with HSM) for
the first time, I want to check here if anybody has experience using
this in the past and whether this will really suffice the PCI standard security
needs?
Regards
Lok