Application Level Encryption for sensitive columns in a Table
Encryption is always one of the main topics when it comes to security, and the best security strategies to secure your "data". So far in Oracle there is Network Encryption and TDE (Transparent Data Encryption).
TDE will encrypt data at rest (physical layer, data files), which is a good thing, but data identified as sensitive in specific columns can still be viewed unencrypted when queried through SQL (especially from the DBA-SYS user). I understand there are other security options for limiting data exposure, such as label security, dbms_redact, virtual private database and database vault. However, the DBA, and an attacker who successfully becomes a DBA, can bypass some of these features' restrictions.
What I am proposing is application-side encryption, where sensitive data in columns is pushed encrypted from the application side and stored encrypted within the database. The management of the key store and the implementation will be in the application tier. What is the benefit here? The data will be stored inside the database encrypted, so even at the "SQL" level the super-user, which is the DBA, will see "garbage data" (encrypted) and will not be able to decrypt it. This data remains encrypted in backups, and of course on the physical level if someone stole the data files [sensitive columns data are encrypted], etc., and can ONLY be decrypted at the application level. I believe it's end-to-end protection compared to TDE and is a good feature to be added.