Saturday Sep 19, 2015

Meet the Oracle Advanced Security Team at OpenWorld 2015 - October 25-29 in San Francisco

Once again, I am excited to present a public session about Oracle Advanced Security at this year's Oracle OpenWorld conference in San Francisco. Please join me Wednesday, October 28th at 4:15-5:00 in Moscone South #104 to learn more about what's new with Oracle Advanced Security, best practices for deployment, and what's coming in the next release of Oracle Database. More details about this session are available in the OpenWorld content catalog here (search for session identifier CON8563). The extended Oracle Advanced Security team also will be available to answer your questions at our OpenWorld DEMOgrounds booth during regular exhibition hours. We hope to see you there!

Deploying TDE for Existing Data with Near-Zero Downtime Using Data Pump and Data Guard

There are many ways to deploy TDE tablespace encryption for existing clear data. A few common approaches include running standard SQL commands, using Oracle Data Pump export/import, and employing Oracle Online Table Redefinition. Additionally, we recently published two new white papers that add to this growing repertoire of options. These papers describe an innovative technique that combines usage of Data Pump and Data Guard together to achieve near-zero downtime. To learn more, download the white papers here (11gR2) and here (12c).

Friday Nov 21, 2014

Further Customer Recordings

Below are a few more live customer recordings covering both TDE and Data Redaction. Here, in just a few minutes, you can see how real customers with scenarios similar to yours are benefiting from Oracle Advanced Security.
  • Infinity Insurance Uses Encryption and Redaction, Sees Zero Impact on Applications and No Performance Degradation (Video | Success Cast)
  • Epsilon Uses TDE to Encrypt Cardholder Data and Redaction to Protect PII (Video 1 | Video 2 | Success Cast)

Friday Oct 17, 2014

Customer Videos

We often get questions about who else is using Oracle Advanced Security Transparent Data Encryption (TDE) and Data Redaction. There are a whole bunch of recorded customer testimonial videos on the Oracle Advanced Security page on Oracle Technology Network.

I just published another new video today - from Keith Wilcox of Epsilon talking about his company's great experiences using TDE.

Wednesday Oct 15, 2014

News from Oracle OpenWorld 2014

Lots of exciting news coming out of Oracle OpenWorld this year. I presented a session on Oracle Advanced Security which had close to 250 attendees. For those of you who were at the conference, you can find the download link for my slide deck on the conference portal. The session is titled Oracle Advanced Security: Best Practices for Database Encryption and Redaction.

Data Redaction was demonstrated live on the big stage at Oracle OpenWorld a couple of times. These were demos of using Oracle Advanced Security to redact sensitive data stored in Oracle BigData/Hadoop using the recently announced Oracle Big Data SQL product.

  1. OpenWorld 2014 Live: Data Redaction on Oracle BigData/Hadoop. Click here (Thomas Kurian Keynote, 23rd minute) and here (Andy Mendelsohn Keynote, 55th minute)

In addition, Oracle's Saikat Saha ran a whole set activities at the conference around our recent launch of Oracle Key Vault. This new product centrally manages TDE master keys, Oracle Wallets, Java Keystores, and much more. See details over on the key management blog here.

Monday Apr 28, 2014

How to Take an Inventory of TDE Encrypted Objects

Database administrators who manage multiple Oracle Databases may need to take a quick inventory of the TDE encrypted objects in a given database. Taking an inventory may be necessary not only for fulfilling day-to-day DBA responsibilities but also for attestation as part of periodic IT security audits.

Fortunately, listing out the TDE encrypted objects in an Oracle Database is straightforward using simple SQL queries. These queries leverage the built-in DBA_* views, and you need to have the correct database privileges to use them (e.g. have DBA role, hold individual select privileges, be logged in as SYSDBA, etc.):

  • dba_encrypted_columns
  • dba_tables
  • dba_tablespaces
  • dba_indexes

Below are example queries that use these DBA_* views to answer basic questions about what TDE encrypted objects exist in the database:

  • What tables contain TDE encrypted columns?
    sql> select table_name, column_name from dba_encrypted_columns;

  • What tables are stored in TDE encrypted tablespaces?
    sql> select a.table_name, a.tablespace_name from dba_tables a, dba_tablespaces b where a.tablespace_name = b.tablespace_name and b.encrypted = 'YES';

  • What indexes are stored in TDE encrypted tablespaces?
    sql> select a.index_name, a.tablespace_name from dba_indexes a, dba_tablespaces b where a.tablespace_name = b.tablespace_name and b.encrypted = 'YES' and index_name not like 'SYS_IL%';

  • What are all of the TDE encrypted objects including tables, indexes and columns?
    [Use a combination of the above queries]

Wednesday Feb 19, 2014

Welcome to the Oracle Advanced Security Blog!

Hello, my name is Todd Bottger.  As the technical product manager for Oracle Advanced Security here at Oracle Corp, I extend a warm welcome to new readers and hope that you will find this blog informative and useful.

By way of background, Oracle Advanced Security is a commonly used option for Oracle Database Enterprise Edition that provides two important preventive controls to protect sensitive data at the source. The first control is Transparent Data Encryption (TDE), which stops would-be attackers from bypassing the database and reading sensitive information directly from storage by enforcing data-at-rest encryption in the database layer. The second control is Data Redaction, which complements TDE by reducing the risk of unauthorized data exposure in applications, redacting sensitive data bound for application display before it leaves the database.

Here in this blog I will endeavor to post useful information covering TDE, Data Redaction and closely related topics. Please feel free to leave your comments (of course, please be cordial). Also, you can make requests for new blog postings that you think will be of interest to this audience. I look forward to hearing from you.

To learn more about encryption key management for Oracle Advanced Security, please read the key management blog as well.


Blog covering Oracle Advanced Security for Oracle Database Enterprise Edition. Specific topics include Transparent Data Encryption (TDE) and Data Redaction.


« October 2015