Friday Nov 21, 2014

Further Customer Recordings

Below are a few more live customer recordings covering both TDE and Data Redaction. Here, in just a few minutes, you can see how real customers with scenarios similar to yours are benefiting from Oracle Advanced Security.
  • Infinity Insurance Uses Encryption and Redaction, Sees Zero Impact on Applications and No Performance Degradation (Video | Success Cast)
  • Epsilon Uses TDE to Encrypt Cardholder Data and Redaction to Protect PII (Video 1 | Video 2 | Success Cast)

Friday Oct 17, 2014

Customer Videos

We often get questions about who else is using Oracle Advanced Security Transparent Data Encryption (TDE) and Data Redaction. There are a whole bunch of recorded customer testimonial videos on the Oracle Advanced Security page on Oracle Technology Network.

I just published another new video today - from Keith Wilcox of Epsilon talking about his company's great experiences using TDE.

Wednesday Oct 15, 2014

News from Oracle OpenWorld 2014

Lots of exciting news coming out of Oracle OpenWorld this year. I presented a session on Oracle Advanced Security which had close to 250 attendees. For those of you who were at the conference, you can find the download link for my slide deck on the conference portal. The session is titled Oracle Advanced Security: Best Practices for Database Encryption and Redaction.

Data Redaction was demonstrated live on the big stage at Oracle OpenWorld a couple of times. These were demos of using Oracle Advanced Security to redact sensitive data stored in Oracle BigData/Hadoop using the recently announced Oracle Big Data SQL product.

  1. OpenWorld 2014 Live: Data Redaction on Oracle BigData/Hadoop. Click here (Thomas Kurian Keynote, 23rd minute) and here (Andy Mendelsohn Keynote, 55th minute)

In addition, Oracle's Saikat Saha ran a whole set activities at the conference around our recent launch of Oracle Key Vault. This new product centrally manages TDE master keys, Oracle Wallets, Java Keystores, and much more. See details over on the key management blog here.

Monday Apr 28, 2014

How to Take an Inventory of TDE Encrypted Objects

Database administrators who manage multiple Oracle Databases may need to take a quick inventory of the TDE encrypted objects in a given database. Taking an inventory may be necessary not only for fulfilling day-to-day DBA responsibilities but also for attestation as part of periodic IT security audits.

Fortunately, listing out the TDE encrypted objects in an Oracle Database is straightforward using simple SQL queries. These queries leverage the built-in DBA_* views, and you need to have the correct database privileges to use them (e.g. have DBA role, hold individual select privileges, be logged in as SYSDBA, etc.):

  • dba_encrypted_columns
  • dba_tables
  • dba_tablespaces
  • dba_indexes

Below are example queries that use these DBA_* views to answer basic questions about what TDE encrypted objects exist in the database:

  • What tables contain TDE encrypted columns?
    sql> select table_name, column_name from dba_encrypted_columns;

  • What tables are stored in TDE encrypted tablespaces?
    sql> select a.table_name, a.tablespace_name from dba_tables a, dba_tablespaces b where a.tablespace_name = b.tablespace_name and b.encrypted = 'YES';

  • What indexes are stored in TDE encrypted tablespaces?
    sql> select a.index_name, a.tablespace_name from dba_indexes a, dba_tablespaces b where a.tablespace_name = b.tablespace_name and b.encrypted = 'YES' and index_name not like 'SYS_IL%';

  • What are all of the TDE encrypted objects including tables, indexes and columns?
    [Use a combination of the above queries]

Wednesday Feb 19, 2014

Welcome to the Oracle Advanced Security Blog!

Hello, my name is Todd Bottger.  As the technical product manager for Oracle Advanced Security here at Oracle Corp, I extend a warm welcome to new readers and hope that you will find this blog informative and useful.

By way of background, Oracle Advanced Security is a commonly used option for Oracle Database Enterprise Edition that provides two important preventive controls to protect sensitive data at the source. The first control is Transparent Data Encryption (TDE), which stops would-be attackers from bypassing the database and reading sensitive information directly from storage by enforcing data-at-rest encryption in the database layer. The second control is Data Redaction, which complements TDE by reducing the risk of unauthorized data exposure in applications, redacting sensitive data bound for application display before it leaves the database.

Here in this blog I will endeavor to post useful information covering TDE, Data Redaction and closely related topics. Please feel free to leave your comments (of course, please be cordial). Also, you can make requests for new blog postings that you think will be of interest to this audience. I look forward to hearing from you.

To learn more about encryption key management for Oracle Advanced Security, please read the key management blog as well.


Blog covering Oracle Advanced Security for Oracle Database Enterprise Edition. Specific topics include Transparent Data Encryption (TDE) and Data Redaction.


Top Tags
« August 2015