Oracle Advanced Security protects sensitive data from unauthorized access within databases, on the network and “at rest” on storage media. An option to the Oracle Database 11g Enterprise Edition, it provides advanced data encryption and strong authentication services for Oracle databases, while also protecting against theft or accidental loss of database backups and storage media. These controls help you address regulatory requirements (e.g., PCI and HIPAA), as well as reduce the financial and reputational risk associated with data breaches and data loss.
Key components of Oracle Advanced Security include:
- Oracle Transparent Data Encryption
- Oracle Data Redaction
- Oracle Secure Authentication
Oracle Transparent Data Encryption
Transparent data encryption encrypts data before it is written to disk, and decrypts data automatically when it is read from storage. You can use transparent data encryption without making changes to your applications. Likewise, your existing Oracle database access controls (roles, virtual private database, Oracle Database Vault, etc.) will still be enforced.
You can apply transparent data encryption at the tablespace or column levels. The former is ideal for efficiently encrypting entire application tables, while the latter lets you encrypt individual data elements like credit card numbers or social security numbers.
Oracle Data Redaction
Oracle data redaction is a new feature in Oracle Database 12c, but it is back-ported to 220.127.116.11. Part of the Advanced Security option, it enables real-time protection of data as it is displayed to end-users, with no changes to existing applications required.
Data redaction works by applying the specified protection at query execution time. It transforms the data to be displayed on-the-fly before it leaves the database, but the stored data is unchanged. This makes data redaction ideal for production environments. Data redaction differs from the Oracle Data Masking feature, which updates data using masked shapes and stores it in new data blocks.
Oracle Secure Authentication
Oracle Advanced Security offers strong authentication to the database using Kerberos, PKI or RADIUS. Strong authentication replaces password-based authentication. With strong authentication, you can configure additional tools like Secure Sockets Layer (SSL) or Smart Cards (CAC, HSPD-12) to verify users’ identities when they login to the database.
If you’re considering putting Oracle Advanced Security to work in your organization, contact Buda Consulting to schedule a free consultation. We can help you develop a best-practice strategy and approach to leveraging these exciting new Oracle security capabilities.