Title: The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be
2. The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.
3. Encrypt Your Sensitive Data Transparently in 30 Minutes or Less
- Paul Youn, Senior Member of Technical Staff
- Peter Wahl, Senior Product Manager
4. When in Doubt, Encrypt: Encryption Recognized as Defensible Safeguard
- Security Breach Notification Laws recognize encryption as a safeguard against data breaches
- Encryption is now a de facto solution for regulatory compliance with all data privacy and breach notification laws
5. Oracle Advanced Security: Feature Overview
- Transparent Data Encryption
  - Full tablespace encryption
  - Column-level
  - Encrypted backups (RMAN) and Data Pump Exports
- Built-In Key Management
  - Managed by the database
  - Hardware Security Module (HSM) integration
- Network Encryption
- Strong Authentication
[Diagram labels: Strong Authentication; Network Encryption; > 75,000; Encrypted Tape Backups, Disk Backups, Exports]
6. Prepare Database for TDE Tablespace Encryption: Configure External Security Module
- Create directory to store Oracle Wallet, or install and configure Hardware Security Module
- Create Master Key:
    alter system set encryption key identified by "password";
7. Rolling out TDE Tablespace Encryption
- Fresh Application Installation
  - Modify install scripts to create encrypted tablespaces
  - Install application using the modified script
- Existing Application
  - Use Online Table Redefinition to transparently migrate an existing application
  - No downtime
  - Transparent to application and application users
8. Fresh Installation: Example PeopleSoft Enterprise
- Edit xxDDL.sql install scripts (e.g. epddl.sql)
- Replace
    CREATE TABLESPACE AMAPP DATAFILE '/opt/oracle/oradata/amapp.dbf' SIZE 90M EXTENT MANAGEMENT LOCAL AUTOALLOCATE
- With
    CREATE TABLESPACE AMAPP DATAFILE '/opt/oracle/oradata/amapp.dbf' SIZE 90M EXTENT MANAGEMENT LOCAL AUTOALLOCATE ENCRYPTION USING 'AES256' DEFAULT STORAGE(ENCRYPT)
- Run script
9. Existing Installation: Step-by-Step Preparation
- SYS grants execution rights for Online Table Redefinition to SYSADM
- Temporary additional storage: size of largest tablespace
- Create new encrypted tablespaces containing all interim tables that correspond to the source tablespaces and tables
10. Existing Installation: Step-by-Step Create Initial Encrypted Copies
- Create a procedure that generates individual scripts to start redefining all tables in one tablespace at a time
- Copy dependent objects using dbms_redefinition.copy_table_dependents (indexes, triggers, constraints, privileges, statistics, MV logs)
11. Existing Installation: Step-by-Step Synchronize and Finish
- Create a procedure that generates individual scripts to synchronize interim with original tables
- Create a procedure that generates individual scripts that automatically finish the redefinition process
- Synchronize interim and original tables
- Names of original tables and interim tables are switched
- Original tables briefly locked
- Rename the original tablespaces
- Rename encrypted tablespaces to original tablespace name
- alter tablespace <TBS_NAME_ENC> rename to <TBS_NAME>
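
The existing-installation steps on slides 9 to 11, collapsed into one SQL*Plus script for a single tablespace. This is an added example, not code from the presentation: the names AMAPP_ENC, AMAPP_OLD and INT$<n> are assumptions, and it runs the start, copy, synchronize and finish calls directly instead of generating per-table scripts.

```sql
-- Added example, not from the slides. Assumed names: AMAPP_ENC, AMAPP_OLD, INT$<n>.
-- Run from a session with DBA privileges and EXECUTE on DBMS_REDEFINITION;
-- the wallet must be open and the master key already set (slide 6).
CREATE TABLESPACE AMAPP_ENC
  DATAFILE '/opt/oracle/oradata/amapp_enc.dbf' SIZE 90M
  EXTENT MANAGEMENT LOCAL AUTOALLOCATE
  ENCRYPTION USING 'AES256' DEFAULT STORAGE (ENCRYPT);

SET SERVEROUTPUT ON
DECLARE
  TYPE t_names IS TABLE OF dba_tables.table_name%TYPE;
  l_tables  t_names;
  l_interim VARCHAR2(30);
  l_errors  PLS_INTEGER;
BEGIN
  -- Snapshot the table list first: the DDL below changes the dictionary.
  SELECT table_name BULK COLLECT INTO l_tables
    FROM dba_tables
   WHERE owner = 'SYSADM' AND tablespace_name = 'AMAPP';

  FOR i IN 1 .. l_tables.COUNT LOOP
    l_interim := 'INT$' || i;
    -- Raises an exception if the table cannot be redefined by primary key;
    -- tables without one need CONS_USE_ROWID here and in START_REDEF_TABLE.
    DBMS_REDEFINITION.CAN_REDEF_TABLE('SYSADM', l_tables(i), DBMS_REDEFINITION.CONS_USE_PK);
    -- Empty interim table with the same columns, stored in the encrypted tablespace.
    EXECUTE IMMEDIATE 'CREATE TABLE SYSADM."' || l_interim || '" TABLESPACE AMAPP_ENC'
                   || ' AS SELECT * FROM SYSADM."' || l_tables(i) || '" WHERE 1 = 0';
    DBMS_REDEFINITION.START_REDEF_TABLE('SYSADM', l_tables(i), l_interim);
    -- ignore_errors => TRUE: CTAS already copied the NOT NULL constraints, which
    -- would otherwise abort the copy; review DBA_REDEFINITION_ERRORS afterwards.
    DBMS_REDEFINITION.COPY_TABLE_DEPENDENTS(
      uname => 'SYSADM', orig_table => l_tables(i), int_table => l_interim,
      copy_indexes => DBMS_REDEFINITION.CONS_ORIG_PARAMS,
      copy_triggers => TRUE, copy_constraints => TRUE, copy_privileges => TRUE,
      ignore_errors => TRUE, num_errors => l_errors,
      copy_statistics => TRUE, copy_mvlog => TRUE);
    DBMS_OUTPUT.PUT_LINE(l_tables(i) || ': ' || l_errors || ' dependent-object errors');
    DBMS_REDEFINITION.SYNC_INTERIM_TABLE('SYSADM', l_tables(i), l_interim);
    -- Swaps the two names; the original table is locked only briefly.
    DBMS_REDEFINITION.FINISH_REDEF_TABLE('SYSADM', l_tables(i), l_interim);
    -- The interim name now points at the old, unencrypted segment.
    EXECUTE IMMEDIATE 'DROP TABLE SYSADM."' || l_interim || '" PURGE';
  END LOOP;
END;
/
ALTER TABLESPACE AMAPP RENAME TO AMAPP_OLD;
ALTER TABLESPACE AMAPP_ENC RENAME TO AMAPP;
```

Indexes copied with CONS_ORIG_PARAMS keep their original tablespace, so index segments that hold sensitive column values need their own move into an encrypted tablespace. Dropping the old segments does not erase the plaintext blocks already written to the original datafile, so that file still has to be treated as sensitive until it is removed and wiped.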
12. For More Information
search.oracle.com: Transparent Data Encryption
or http://www.oracle.com/database/security/index.html
13. Oracle Database Security: Learn More At These Oracle Sessions
S311340 | Classify, Label, and Protect Data Classification and Security with Oracle Label Security | Monday 14:30 - 15:30 | Moscone South Room 307
S308113 | Oracle Data Masking Pack The Ultimate DBA Survival Tool in the Modern World | Tuesday 11:30 - 12:30 | Moscone South Room 102
S311338 | All About Data Security and Privacy An Industry Panel | Tuesday 13:00 - 14:00 | Moscone South Room 103
S311455 | Tips/Tricks for Auditing PeopleSoft and Oracle E-Business Suite Applications from the Database | Tuesday 14:30 - 15:30 | Moscone South Room 306
S311339 | Meet the Database Security Development Managers Ask Your Questions | Tuesday 16:00 - 17:00 | Moscone South Room 306
S311345 | Database Auditing Demystified The What, the How, and the Why | Tuesday 17:30 - 18:30 | Moscone South Room 306
S311342 | Do You Have a Database Security Plan? | Wednesday 11:45 - 12:45 | Moscone South Room 102
S311332 | Encrypt Your Sensitive Data Transparently in 30 Minutes or Less | Wednesday 13:00 - 13:30 | Moscone South Room 103
S311337 | Secure Your Existing Application Transparently in 30 Minutes or Less | Wednesday 13:45 - 14:15 | Moscone South Room 103
S311344 | Securing Your Oracle Database The Top 10 List | Wednesday 17:00 - 18:00 | Moscone South Room 308
S311343 | Building an Application? Think Data Security First | Thursday 13:30 - 14:30 | Moscone South Room 104