Can I set up an Oracle Database in a way that all of the following statements are true
a) certain columns, potentially all columns are encrypted, so that direct file access to the database file wouldn't allow an attacker to retrieve any records
b) the encrypted columns are transparently decrypted for authorized user, where authorization happens e.g. by having a certain role or privilege
c) an admin who has suiteable privileges for doing 'normal' admin tasks (tuning, creating/droping schema objects, restarting database, selecting from data dictionary) can select the tables but will see only encrypted data in the encrypted columns.
If this is possible, how do I do it. If it is not possible, what are the options I have to at least get 'close' to these requirements?
a)+b) seem to be possible with Oracle Transparent Data Encryption, but I am not sure about c)
Transparent Data Encryption only does (a). It is about preventing data breaches occuring because somebody stole the hard drive or backups, or ran strings
against the DBF files. That's still useful, because it prevents your sysadmins using their privileged OS access to bypass all your database security.
If you want to enforce something like (b) the appropriate technology is the virtual private database - either DBMS_RLS with the Enterprise Edition or Oracle Label Security if you have the additional license.
If you want to implement (c) you will need Oracle's Database Vault product, which is again a chargeable extra on top of the Enterprise License.
As TDE requires the Advanced Security Option these options amount to a 75%(*) surcharge on the EE license. In which case you might as well go for broke and buy Audit Vault as well!
(*) Only 50% if you buy Label Security.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With