I am using 11g release-2 version of oracle. We are supposed to apply TDE on our database PI column. we are having two PI column clear to us, around 30 of the table will be impacted and 25 of the tables are having one of the PI column in them, rest 5 are having both two PI columns in them. And also there was no index/data type related issue associated with the columns, Also 5 tables were big in size (more than 30GB), so i had decided to go for Column level encryption.But our architect team suggests us to go for tablespace level encryption, as its implemented well in 95% of the other places. So i am having below questions.
1. I read from oracle documentation, column level encryption will affect 'select' and 'insert' during encryption/decryption having ~5% performnace overhead per column and tablespace encryption will be having 5% to 8% of performnace overhead, so whether this(tablespace encryption) overhead is for DML or SELECT query or Index rebuild or any other operation and how? http://docs.oracle.com/cd/E11882_01/network.112/e10746/asotrans.htm 2. How tablespace encryption will be beneficial compare to column level encryption considering my case above? 3. If will go for tablespace encryption then, Should i move all the tables/existing object on the tablespaces to encrypted tablespace or only specificly those which contains PI data?