Q&A from Oracle Database 11g Security and Compliance Webcast
By Troy Kitch-Oracle on Aug 03, 2011
Last week we had more than 2900 registrants for the Oracle Database 11g Security and Compliance webcast with guest speaker Tom Kyte. With hundreds of questions coming in, we weren’t able to answer them all. Here are answers to some of the most common questions. If you missed the webcast and want to watch the recording, or would like to sign up for upcoming webcasts in the series, register here.
Q: What is the performance overhead of implementing Oracle Advanced Security with Transparent Data Encryption?A: According to internal benchmarks and feedback from successful production implementations, the performance overhead is in the single digits. With Oracle Database 11g Release 2 Patchset 1 (18.104.22.168), the hardware crypto acceleration based on AES-NI available in most Intel® XEON® 5600 CPUs is automatically leveraged by TDE tablespace encryption, making TDE tablespace encryption a 'near-zero impact' encryption solution. Listen to TransUnion talk about their experience deploying tablepace encryption.
Q: Can the Oracle Database Firewall be used to monitor performance?A: Yes. The Oracle Database Firewall can non-intrusively monitor SQL traffic coming to/from the database, including database response and status of SQL statement execution, so the Oracle Database Firewall can help developers to monitor and assess SQL queries performance on production databases, find slow or inconsistently performing queries and also help to identify all clients connecting to a specific database before and after migration by providing execution times on logged database activity. Learn more in the upcoming Database Firewall webcast.
Q: How does Oracle Data Masking protect sensitive data in non-production environments?A: With Oracle Data Masking, sensitive information such as credit card or social security numbers can be replaced with realistic values, allowing production data to be safely used for development, testing, or sharing with out-source or off-shore partners for other non-production purposes. In other words sensitive data is protected by not being made available in these environments. To better understand data masking, take a look at the flash demo.
Q: Can the Oracle Database Vault administrator/owner see data protected by a realm?A: No. The Oracle Database Vault owner account can only setup the realm. It cannot see data protected by a realm. This is part of the separation of duty that Oracle Database Vault enforces. Learn more in the Oracle Database Vault Best Practices whitepaper.
And the most frequently asked question…
Q: Is this webcast being recorded?A: Yes, you can get the recording here, as well as register for upcoming webcasts in the series. Don’t miss the next one, Blocking SQL Injection Attacks and Other Threats with Oracle Database Firewall on August 25th at 11am PT, featuring guest speaker Steve Moyle, CTO of Oracle Database Firewall.