
The following is intended to outline our general
product direction. It is intended for information
purposes only, and may not be incorporated into any
contract. It is not a commitment to deliver any
material, code, or functionality, and should not be
relied upon in making purchasing decisions.
The development, release, and timing of any
features or functionality described for Oracle’s
products remains at the sole discretion of Oracle.
Encrypt Your Sensitive Data Transparently in 30 Minutes or Less
Paul Youn
Senior Member of Technical Staff
Peter Wahl
Senior Product Manager
When in Doubt, Encrypt
Encryption Recognized as Defensible Safeguard
• Security Breach Notification Laws recognize
encryption as a safeguard against data breaches
• Encryption is now a de facto solution for regulatory
compliance with all data privacy and breach
notification laws
Oracle Advanced Security
Feature Overview
• Transparent Data Encryption
– Full tablespace encryption
– Column-level
– Encrypted backups (RMAN) and
Data Pump Exports
• Built-In Key Management
– Managed by the database
– Hardware Security Module (HSM)
integration
• Network Encryption
• Strong Authentication
[Diagram labels: Strong Authentication; Network Encryption; 75,000 / ^#^*>*; Encrypted Tape Backups, Disk Backups, Exports]
Prepare Database for TDE Tablespace Encryption
Configure External Security Module
• Create directory to store Oracle Wallet or install and
configure Hardware Security Module
• Create Master Key: alter system set encryption key
identified by "password";
Rolling out TDE Tablespace Encryption
• Fresh Application Installation
– Modify install scripts to create encrypted tablespaces
– Install application using the modified script
• Existing Application
– Use Online Table Redefinition to transparently migrate an
existing application
– No downtime
– Transparent to application and application users
Fresh Installation
Example: PeopleSoft Enterprise
• Edit xxDDL.sql install scripts (e.g. epddl.sql)
Replace:
CREATE TABLESPACE AMAPP DATAFILE
'/opt/oracle/oradata/amapp.dbf' SIZE 90M EXTENT
MANAGEMENT LOCAL AUTOALLOCATE;
With:
CREATE TABLESPACE AMAPP DATAFILE
'/opt/oracle/oradata/amapp.dbf' SIZE 90M EXTENT
MANAGEMENT LOCAL AUTOALLOCATE ENCRYPTION USING 'AES256'
DEFAULT STORAGE(ENCRYPT);
• Run script
Existing Installation
Step-by-Step: Preparation
• SYS grants execution rights for Online Table
Redefinition to SYSADM
• Temporary additional storage: size of largest
tablespace
• Create new encrypted tablespaces containing all
interim tables that correspond to the source
tablespaces and tables
Existing Installation
Step-by-Step: Create Initial Encrypted Copies
• Create a procedure that generates individual scripts
to start redefining all tables in a tablespace at a time
• Copy dependent objects using
dbms_redefinition.copy_table_dependents (indexes,
triggers, constraints, privileges, statistics, MVlogs)
Existing Installation
Step-by-Step: Synchronize and Finish
• Create a procedure that generates individual scripts
to synchronize interim with original tables
• Create a procedure that generates individual scripts
that automatically finishes the redefinition process:
– Synchronize interim and original tables
– Names of original tables and interim tables are switched
– Original tables briefly locked
• Rename the original tablespaces
• Rename encrypted tablespaces to original tablespace
name
alter tablespace <TBS_NAME_ENC> rename to <TBS_NAME>;
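
The existing-installation steps above, run for one tablespace in a single pass, as an added example that is not from the presentation or from Oracle. The schema SYSADM and tablespace AMAPP come from the slides; the encrypted tablespace name AMAPP_ENC, the _I interim-table suffix, the rowid-based redefinition option and a session that can read the DBA_ views are assumptions.

```sql
-- Added example. Assumed names: schema SYSADM, source tablespace AMAPP,
-- encrypted tablespace AMAPP_ENC (already created), interim suffix _I.
SET SERVEROUTPUT ON
DECLARE
  c_owner   CONSTANT VARCHAR2(30) := 'SYSADM';
  c_src     CONSTANT VARCHAR2(30) := 'AMAPP';
  c_enc     CONSTANT VARCHAR2(30) := 'AMAPP_ENC';
  c_opt     CONSTANT PLS_INTEGER  := DBMS_REDEFINITION.CONS_USE_ROWID;
  v_int     VARCHAR2(30);
  v_errs    PLS_INTEGER;
  v_started BOOLEAN;
BEGIN
  FOR t IN (SELECT table_name FROM dba_tables
             WHERE owner = c_owner AND tablespace_name = c_src) LOOP
    v_int     := SUBSTR(t.table_name, 1, 28) || '_I';
    v_started := FALSE;
    BEGIN
      -- Raises an exception if the table cannot be redefined online.
      DBMS_REDEFINITION.CAN_REDEF_TABLE(c_owner, t.table_name, c_opt);
      -- Empty interim table with the same columns, in the encrypted tablespace.
      EXECUTE IMMEDIATE 'CREATE TABLE "' || c_owner || '"."' || v_int ||
        '" TABLESPACE "' || c_enc || '" AS SELECT * FROM "' ||
        c_owner || '"."' || t.table_name || '" WHERE 1 = 0';
      DBMS_REDEFINITION.START_REDEF_TABLE(c_owner, t.table_name, v_int,
                                          options_flag => c_opt);
      v_started := TRUE;
      -- Indexes keep their original storage parameters, tablespace included.
      DBMS_REDEFINITION.COPY_TABLE_DEPENDENTS(c_owner, t.table_name, v_int,
        copy_indexes => DBMS_REDEFINITION.CONS_ORIG_PARAMS,
        copy_triggers => TRUE, copy_constraints => TRUE, copy_privileges => TRUE,
        ignore_errors => TRUE, num_errors => v_errs,
        copy_statistics => TRUE, copy_mvlog => TRUE);
      DBMS_REDEFINITION.SYNC_INTERIM_TABLE(c_owner, t.table_name, v_int);
      -- Swaps the names; the _I table now holds the old cleartext segment.
      DBMS_REDEFINITION.FINISH_REDEF_TABLE(c_owner, t.table_name, v_int);
      DBMS_OUTPUT.PUT_LINE(t.table_name || ': done, ' || v_errs ||
        ' dependent-object errors (see DBA_REDEFINITION_ERRORS)');
    EXCEPTION WHEN OTHERS THEN
      DBMS_OUTPUT.PUT_LINE(t.table_name || ': FAILED ' || SQLERRM);
      IF v_started THEN
        DBMS_REDEFINITION.ABORT_REDEF_TABLE(c_owner, t.table_name, v_int);
      END IF;
    END;
  END LOOP;
END;
/
-- Segments of the schema that still sit in an unencrypted tablespace.
SELECT g.segment_type, g.segment_name, g.tablespace_name
  FROM dba_segments g JOIN dba_tablespaces s ON s.tablespace_name = g.tablespace_name
 WHERE g.owner = 'SYSADM' AND s.encrypted = 'NO';
```

After FINISH_REDEF_TABLE the _I tables sit in the source tablespace with the old unencrypted rows, so the final query lists them (and any indexes left outside an encrypted tablespace) until they are dealt with, and a second run of the block would pick them up.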
For More Information
search.oracle.com
Transparent Data Encryption
or
http://www.oracle.com/database/security/index.html
Oracle Database Security
Learn More At These Oracle Sessions
S311340
Classify, Label, and Protect: Data Classification and
Security with Oracle Label Security
Monday 14:30 - 15:30 Moscone South Room 307
S308113
Oracle Data Masking Pack: The Ultimate DBA Survival
Tool in the Modern World
Tuesday 11:30 - 12:30 Moscone South Room 102
S311338
All About Data Security and Privacy: An Industry Panel
Tuesday 13:00 - 14:00 Moscone South Room 103
S311455
Tips/Tricks for Auditing PeopleSoft and Oracle E-Business Suite Applications from the Database
Tuesday 14:30 - 15:30 Moscone South Room 306
S311339
Meet the Database Security Development Managers: Ask
Your Questions
Tuesday 16:00 - 17:00 Moscone South Room 306
S311345
Database Auditing Demystified: The What, the How, and
the Why
Tuesday 17:30 - 18:30 Moscone South Room 306
S311342
Do You Have a Database Security Plan?
Wednesday 11:45 - 12:45 Moscone South Room 102
S311332
Encrypt Your Sensitive Data Transparently in 30 Minutes
or Less
Wednesday 13:00 - 13:30 Moscone South Room 103
S311337
Secure Your Existing Application Transparently in 30
Minutes or Less
Wednesday 13:45 - 14:15 Moscone South Room 103
S311344
Securing Your Oracle Database: The Top 10 List
Wednesday 17:00 - 18:00 Moscone South Room 308
S311343
Building an Application? Think Data Security First
Thursday 13:30 - 14:30 Moscone South Room 104