Presentation is loading. Please wait.

Presentation is loading. Please wait.

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any.

Similar presentations


Presentation on theme: "The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any."— Presentation transcript:

1

2 The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracles products remains at the sole discretion of Oracle.

3 Encrypt Your Sensitive Data Transparently in 30 Minutes or Less Paul Youn Peter Wahl Senior Member of Technical StaffSenior Product Manager

4 When in Doubt, Encrypt Encryption Recognized as Defensible Safeguard Security Breach Notification Laws recognize encryption as a safeguard against data breaches Encryption is now a de-facto solution for regulatory compliance with all data privacy and breach notification laws

5 Oracle Advanced Security Feature Overview Transparent Data Encryption – Full tablespace encryption – Column-level – Encrypted backups (RMAN) and Data Pump Exports Built-In Key Management – Managed by the database – Hardware Security Module (HSM) integration Network Encryption Strong Authentication ^#^*>* 75,000 Encrypted Tape Backups, Disk Backups, Exports Network Encryption Strong Authentication

6 Prepare Database for TDE Tablespace Encryption Configure External Security Module Create directory to store Oracle Wallet or install and configure Hardware Security Module Create Master Key: alter system set encryption key identified by password;

7 Fresh Application Installation – Modify install scripts to create encrypted tablespaces – Install application using the modified script Existing Application – Use Online Table Redefinition to transparently migrate an existing application – No downtime – Transparent to application and application users Rolling out TDE Tablespace Encryption

8 Fresh Installation Example: Peoplesoft Enterprise Edit xxDDL.sql install scripts (e.g. epddl.sql) Replace: CREATE TABLESPACE AMAPP DATAFILE /opt/oracle/oradata/amapp.dbf SIZE 90M EXTENT MANAGEMENT LOCAL AUTOEXTENT; With: CREATE TABLESPACE AMAPP DATAFILE /opt/oracle/oradata/amapp.dbf SIZE 90M EXTENT MANAGEMENT LOCAL AUTOEXTENT ENCRYPTION using AES256 DEFAULT STORAGE(ENCRYPT); Run script

9 Existing Installation Step-by-Step: Preparation SYS grants execution rights for Online Table Redefinition to SYSADM Temporary additional storage: size of largest tablespace Create new encrypted tablespaces containing all interim tables that correspond to the source tablespaces and tables

10 Existing Installation Step-by-Step: Create Initial Encrypted Copies Create a procedure that generates individual scripts to start redefining all tables in a tablespace at a time Copy dependent objects using dbms_redefinition.copy_table_dependents (indexes, triggers, constraints, privileges, statistics, MVlogs)

11 Existing Installation Step-by-Step: Synchronize and Finish Create a procedure that generates individual scripts to synchronize interim with original tables Create a procedure that generates individual scripts that automatically finishes the redefinition process: – Synchronize interim and original tables – Names of original tables and interim tables are switched – Original tables briefly locked Rename the original tablespaces Rename encrypted tablespaces to original tablespace name alter tablespace rename to

12 For More Information search.oracle.com or Transparent Data Encryption

13 Oracle Database Security Learn More At These Oracle Sessions S311340Classify, Label, and Protect: Data Classification and Security with Oracle Label Security Monday 14: :30 Moscone South Room 307 S308113Oracle Data Masking Pack: The Ultimate DBA Survival Tool in the Modern World Tuesday 11: :30 Moscone South Room 102 S311338All About Data Security and Privacy: An Industry PanelTuesday 13: :00 Moscone South Room 103 S311455Tips/Tricks for Auditing PeopleSoft and Oracle E- Business Suite Applications from the Database Tuesday 14: :30 Moscone South Room 306 S311339Meet the Database Security Development Managers: Ask Your Questions Tuesday 16: :00 Moscone South Room 306 S311345Database Auditing Demystified: The What, the How, and the Why Tuesday 17: :30 Moscone South Room 306 S311342Do You Have a Database Security Plan?Wednesday 11: :45 Moscone South Room 102 S311332Encrypt Your Sensitive Data Transparently in 30 Minutes or Less Wednesday 13: :30 Moscone South Room 103 S311337Secure Your Existing Application Transparently in 30 Minutes or Less Wednesday 13: :15 Moscone South Room 103 S311344Securing Your Oracle Database: The Top 10 ListWednesday 17: :00 Moscone South Room 308 S311343Building an Application? Think Data Security FirstThursday 13: :30 Moscone South Room 104

14

15


Download ppt "The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any."

Similar presentations


Ads by Google