Transparent Data Encryption Certified for Apps 11i

Editor Jan 24 2007 update:  Expanded on logical standby restrictions.

Stories of lost backup tapes have become embarrassingly common. UPS lost Citigroup backup tapes containing personal information for 3.9 million customers.  Bank of America backup tapes containing personal information for 1.2 million federal employees were stolen off a commercial plane.  Marriot lost backup tapes with personal information for over 200,000 employees and customers.  Iron Mountain lost Time Warner backup tapes containing personal information on 40,000 Time Warner employees.  And the list just keeps getting longer…

If one assumes that any small physical object can be lost, then the odds of your losing a backup tape increase with every backup that you make.  One suboptimal option for reducing your risk of loss is to to stop making backups.  I wouldn’t recommend that.

Encrypting E-Business Suite Data

A better option is to ensure that your backups are encrypted with the 10gR2 Database Transparent Data Encryption feature in the Oracle Advanced Security Option, reducing the risk of security breaches if backup tapes are physically lost or stolen.  

Transparent Data Encryption (TDE) is now certified with the E-Business Suite, allowing you to encrypt selected columns in the E-Business Suite’s database files.  This encryption is transparent to the E-Business Suite during runtime and requires no E-Business Suite patches.  Backups of E-Business Suite database files are encrypted, requiring an Oracle Wallet for decryption.  Database files can be encrypted with the following cryptographic algorithms:

• Triple Data Encryption Standard (3DES)
• Advanced Encryption Standard (AES):  128, 192, and 256 bit

Prerequisites

• E-Business Suite 11.5.9 with Consolidated Update 2 or higher
• 10gR2 Database 10.2.0.2

There are some potential performance and patching implications, and restrictions around the use of LogMiner based technologies such as Streams

and DataGuard in logical standby mode.  (Remember that LogMiner does not support a number of data types used in the E-Business Suite; physical standby is recommended for Apps environments.)

For complete details, including a list of recommended columns to encrypt, see:

• Using Transparent Data Encryption with the E-Business Suite (Metalink Note 403294.1)

Related

• Interoperability Notes:  Oracle Applications Release 11i with Oracle Database 10g Release 2 (Metalink Note 362203.1)