advanced-security0 pages
ORACLE DATA SHEET
ORACLE ADVANCED SECURITY
KEY FEATURES AND BENEFITS
Transparently encrypt data
without application changes
Built-in key management
Encrypt entire application
tables or individual columns
Oracle Advanced Security helps customers address regulatory
compliance requirements by protecting sensitive data on the
network, on storage media and within the database from
unauthorized disclosure. Transparent Data Encryption, a major
Encrypt database exports and
RMAN backups
component of Oracle Advanced Security, provides the industry’s
Encrypt Oracle SQL*Net
network traffic
most advanced database encryption solution for protecting sensitive
Fully interoperable with
Oracle Advanced
Compression technologies
Fully Interoperable with
Oracle GoldenGate 11.1.1.1
information without requiring changes to applications.
Overview
Oracle Advanced Security is an option to the Oracle Database 11g Enterprise
Exadata X2 ‘Smart Scan’ and
EHCC support
Edition that helps address privacy and regulatory requirements including the
Integration with hardware
security modules (HSM) for
centralized, high assurance,
key management
Portability and Accountability Act (HIPAA), and numerous breach notification
Cryptographic acceleration
with AES-NI on Intel® XEON®
5600
access from the network and the operating system. It also protects against theft,
Industry standards – AES,
3DES, PKCS#11, PKCS#12,
X.509v3
Payment Card Industry Data Security Standard (PCI-DSS), Health Insurance
laws. Oracle Advanced Security provides data encryption and strong authentication
services to the Oracle database, safeguarding sensitive data against unauthorized
loss, and improper decommissioning of storage media and database backups.
Transparent Data Encryption
Transparent data encryption (TDE) encrypts data before it is written to storage and
automatically decrypts data when reading it from storage without any changes to
existing applications – no triggers, views or other costly changes. Access controls
that are enforced by the Oracle database, including object grants, roles, virtual
private database and Oracle Database Vault, still remain in effect.
TDE supports two modes: tablespace encryption and column encryption. TDE
tablespace encryption, introduced with Oracle Database 11g, provides an efficient
solution for encrypting entire application tables. TDE tablespace encryption fully
supports Exadata X2 including Smart Scan and Hybrid Columnar Compression
(EHCC). Starting with Oracle Database 11.2.0.2, TDE tablespace encryption
automatically utilizes the hardware acceleration of the Intel® Xeon® 5600 CPUs
with AES-NI, enabling Oracle Database 11g to encrypt and decrypt data up to 10
times faster on Intel® platforms, including the Oracle Exadata Database Machine.
TDE column encryption, introduced with Oracle Database 10g Release2, provides
an efficient solution for encrypting individual data elements such as credit card and
1