Advanced Security Ds 23ai
Oracle Advanced Security with Oracle Database 23ai delivers industry-leading encryption and data redaction
capabilities, vital to protecting sensitive application data. Transparent Data Encryption helps prevent unauthorized
access to sensitive information from the operating system, backup media, and database exports. Data Redaction
provides dynamic masking of data for application interfaces. Oracle Transparent Data Encryption works with Oracle
Database technologies such as RMAN, RAC, Advanced Compression, Oracle Sharding, Data Guard, GoldenGate, and
Multitenant, delivering high performance on Oracle’s engineered systems.
The solution is transparent to applications because data is automatically encrypted when written to storage and
decrypted when read from storage. It is also transparent to access controls enforced at the database and application
layers. No application code or configuration changes are required.
The encryption and decryption processes are fast because Transparent Data Encryption leverages Oracle Database
caching optimizations. In addition, Transparent Data Encryption utilizes CPU-based hardware acceleration available in
Intel®, AMD, and Oracle SPARC CPUs, including Oracle Exadata and SuperCluster. Exadata Smart Scans of encrypted
data are accelerated by decrypting data in parallel on multiple storage cells. Exadata Hybrid Columnar Compression
runs efficiently by reducing the number of required cryptographic operations.
Transparent Data Encryption implements a two-tier encryption key management architecture consisting of data
encryption keys and master encryption keys. Administrators can manage master keys locally in an Oracle Wallet or
centrally in Oracle Key Vault. Built-in functionality manages keys across their lifecycle and provides easy key rotation
without the overhead of re-encrypting all your data.
Transparent Data Encryption deploys quickly and is included by default with the database installation. Users can
encrypt existing tablespaces online with zero downtime on production systems or offline with no storage overhead
during a maintenance window. Transparent Data Encryption works out of the box with Oracle Data Guard, Oracle Real
Application Clusters (RAC), and multitenant databases. Oracle Database Configuration Assistant (DBCA) can
automatically encrypt existing databases or create encrypted databases.
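The online encryption and master key rotation described above, as an added example (not taken from the Oracle data sheet). The tablespace name APP_DATA, the tag text, and the keystore password placeholder are assumptions, and the statements need an administrator with key management and ALTER TABLESPACE privileges.

```sql
-- Added example. APP_DATA, the tag and <keystore_password> are placeholders.

-- 1. Confirm a keystore (Oracle Wallet or Oracle Key Vault) is open.
SELECT wrl_type, status, wallet_type
FROM   v$encryption_wallet;

-- 2. Encrypt an existing tablespace while it stays online.
ALTER TABLESPACE app_data ENCRYPTION ONLINE USING 'AES256' ENCRYPT;

-- 3. Note which master key currently wraps the tablespace key.
SELECT t.name, e.encryptionalg, e.status, e.masterkeyid
FROM   v$encrypted_tablespaces e
JOIN   v$tablespace t
       ON t.ts# = e.ts# AND t.con_id = e.con_id
WHERE  t.name = 'APP_DATA';

-- 4. Rotate the master encryption key. Only the tablespace (data
--    encryption) keys are re-wrapped under the new master key;
--    the data blocks themselves are not re-encrypted.
ADMINISTER KEY MANAGEMENT SET KEY
  USING TAG 'rotation-example'
  FORCE KEYSTORE
  IDENTIFIED BY "<keystore_password>"
  WITH BACKUP;

-- 5. Re-run the query from step 3: MASTERKEYID should now differ.
--    The key history shows the new key as the most recently activated.
SELECT key_id, tag, creation_time, activation_time
FROM   v$encryption_keys
ORDER  BY activation_time;
```

Earlier master keys remain in the keystore after rotation, so keep keystore backups alongside any database backups that were taken under those keys.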
Unlike approaches that rely on application coding or additional software components, Data Redaction policies are
enforced directly in the database kernel. Declarative policies can apply different data transformations, such as partial,
random, and full redaction. Redaction can be conditional, based on various factors tracked by the database or passed
to the database by applications, such as user identifiers, application identifiers, or client IP addresses. A redaction
format library provides pre-configured column templates for common types of sensitive data, such as credit card
numbers and national identification numbers. Once enabled, policies are enforced immediately, even for active
sessions.
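A conditional redaction policy of the kind described above, as an added example (not taken from the Oracle data sheet). The APP schema, the PAYMENTS table, the BILLING_SVC account, and the sample row are constructed for illustration; the card column is assumed to hold hyphenated 16-digit values in a VARCHAR2.

```sql
-- Added example. Schema, table, account name and data are constructed.
CREATE TABLE app.payments (
  payment_id  NUMBER PRIMARY KEY,
  card_number VARCHAR2(19),   -- stored as NNNN-NNNN-NNNN-NNNN
  holder_ssn  VARCHAR2(11)
);
INSERT INTO app.payments VALUES (1, '4111-1111-1111-1111', '123-45-6789');
COMMIT;

BEGIN
  -- Partial redaction using a pre-configured format from the library:
  -- masks the first 12 digits of a hyphenated 16-digit card number.
  -- The expression makes the policy conditional: every session except
  -- the billing service account sees redacted values.
  DBMS_REDACT.ADD_POLICY(
    object_schema       => 'APP',
    object_name         => 'PAYMENTS',
    column_name         => 'CARD_NUMBER',
    policy_name         => 'REDACT_PAYMENTS',
    function_type       => DBMS_REDACT.PARTIAL,
    function_parameters => DBMS_REDACT.REDACT_CCN16_F12,
    expression          =>
      q'[SYS_CONTEXT('USERENV','SESSION_USER') != 'BILLING_SVC']');

  -- Add a second column to the same policy with full redaction.
  DBMS_REDACT.ALTER_POLICY(
    object_schema => 'APP',
    object_name   => 'PAYMENTS',
    policy_name   => 'REDACT_PAYMENTS',
    action        => DBMS_REDACT.ADD_COLUMN,
    column_name   => 'HOLDER_SSN',
    function_type => DBMS_REDACT.FULL);
END;
/

-- Review what is covered and under which condition.
SELECT object_owner, object_name, policy_name, expression, enable
FROM   redaction_policies;
SELECT object_name, column_name, function_type
FROM   redaction_columns
WHERE  object_owner = 'APP';
```

When reviewing who can see clear values, also check grants of the EXEMPT REDACTION POLICY system privilege, because sessions holding it are not subject to the policy.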
Transparent Data Encryption and Data Redaction complement other database features while integrating with Oracle
Database tools. For example, Transparent Data Encryption tablespace encryption works seamlessly with Oracle
Recovery Manager to produce encrypted and compressed backups.
Oracle Advanced Security fully supports Oracle Multitenant, enabling data security isolation between database
tenants. Transparent Data Encryption and Data Redaction remain in place when pluggable databases are moved to
new multitenant container databases, protecting them while in transit.
Oracle Advanced Security is the only data protection solution for the Oracle Database that delivers application
transparency and coverage throughout the data lifecycle without performance penalties or the requirement to
expand computing resources. Organizations preparing to move to the cloud can leverage the same data protection
solutions with all their databases, both on-premises and in the cloud.
Related products
Oracle Database 23ai defense-in-depth solutions
Oracle Key Vault
Oracle Database Vault
Oracle Label Security
Oracle Data Masking and Subsetting Pack
Oracle Audit Vault and Database Firewall
Oracle Data Safe
Copyright © 2024, Oracle and/or its affiliates.