OWB - Securing your data with Transparent Data Encryption
By David Allan on Mar 07, 2013
Oracle provides a secure and convenient functionality for securing data in your datawarehouse, tables can be designed in OWB utilizing the Transparent Data Encryption capability. This is done by configuring specific columns in a table to use encryption.
When users insert data, the Oracle database transparently encrypts it and stores it in the column. Similarly, when users select the column, the database automatically decrypts it. Since all this is done transparently without any change the application code, the feature has an appropriate name: Transparent Data Encryption.
Encryption requires users to apply an encryption algorithm and an encryption key to the clear-text input data. And to successfully decrypt an encrypted value, users must know the value of the same algorithm and key. In Oracle database, users can specify an entire tablespace to be encrypted, or selected columns of a table. From OWB we support column encryption that can be applied to tables and external tables.
We secure the capture of the password for encryption in an OWB location, just like other credentials. This is then used later in the configuration of the table.
We can configure a table and for columns define any encryption, including the encryption algorithm, integrity algorithm and the password.
Then when the table is deployed from OWB, the TDE information is incorporated into the DDL for the table;
When data is written to this column it is encrypted on disk. Read more about this area in the Oracle Advanced Security white paper on Transparent Data Encryption Best Practices here.