Wednesday, October 17, 2012

Data Protection

While there are a variety of ways to protect structured and unstructured data, there are several key issues inherent in some Data Protection approaches. Some of the more notable data protection challenges include:
  • Protecting both Structured and Unstructured Data - Unstructured data, such as a spreadsheet report extracted from the database containing sensitive data, also needs to be considered when evaluating data protection and security
  • Reducing Administrative Overhead - Internal database encryption (TDE) solutions require user training and processes that are unique to each database company, a costly and resource-consuming task
  • Augmenting Inadequate Policy and Database TDE Key Management - It is difficult for enterprises with large deployments to use the native database key management solutions, since each database server will have separate encryption keys to manage
  • Simplifying Legacy Database Migration - It can be difficult or impossible to migrate older database versions to more recent versions offering internal TDE data protection, because of the constraints inherent in the packaged database application
  • Improving Performance - The performance overhead required for TDE varies significantly depending on the workload and on whether column encryption or tablespace encryption is used

Database Protection

An enterprise looking to provide database protection with internal database encryption functionality will need to factor in potential increased costs and administrative resources required for managing multiple database encryption solutions. While native encryption methods (such as TDE) can be an adequate database protection choice for some customer scenarios, there are limitations inherent in the internal encryption approach.

Monday, October 15, 2012

Oracle Encryption

Oracle provides encryption functionality as part of the Oracle Database Advanced Security Option (ASO). Oracle's ASO offering includes Transparent Data Encryption (TDE). Oracle Data Masking and Database Vault are other options available from Oracle that can be used to address other security requirements. Oracle Encryption (TDE) was first introduced in Oracle 10g Database Release 2 (10gR2) to simplify the encryption of data within data files, preventing access to it from the operating system. Oracle 10gR2 provided column encryption. Oracle 11gR1 and R2 added tablespace encryption to the existing column encryption.

Storage Encryption

There are several different approaches to encrypting server data. Some of the main Storage Encryption challenges include:
  • Storage Environment Changes - Most storage encryption solutions are not transparent and require considerable new hardware and changes to the storage environment.
  • Threat Protection, Physical Media, and Data Theft - Storage-oriented encryption provides protection against the theft of physical media, but does little to protect against internal and external hackers. Most significant data breaches have involved hacking rather than theft of physical media.
  • Separation of Duties - Storage-oriented encryption can secure data at rest on the physical media if that media is somehow stolen, but it does not protect against a hacker or malicious insider accessing data through the corporate network.