Use TDE to protect data on disk, or "data at rest".
In other words, TDE adds another layer of security to your database setup, but is by no means sufficent to protect your data by itself.
Inside the database, Oracle uses different methods to protect the data against unauthorized access.
For example, you can set up auditing to trace Access to specific tables in the database.
Another example would be redaction, introduced in Oracle 12cR1, which can hide sensitive data from the users.
However, none of these methods would protect data on disk, or "data at rest" as Oracle calls it.
From the documentation:
"TDE helps protect data stored on media (also called data at rest) in the event that the storage media or data file is stolen."
and
"To protect these data files, Oracle Database provides Transparent Data Encryption (TDE). TDE encrypts sensitive data stored in data files."
How does Oracle prevent unauthorized decryption?
"To prevent unauthorized decryption, TDE stores the encryption keys in a security module external to the database, called a keystore."
Source: Oracle Documentation
No comments:
Post a Comment