ENCRYPTION with Oracle Advanced Security

Slides:



Advertisements
Similar presentations
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any.
Advertisements

ITEC474 INTRODUCTION.
INTRODUCTION TO ORACLE Lynnwood Brown System Managers LLC Backup and Recovery Copyright System Managers LLC 2008 all rights reserved.
The twenty-four/seven database Oracle Database Security David Yahalom Senior database consultant
Database Administration and Security Transparencies 1.
Manageware For Documentum ESI SOFTWARE 2006
Database Administration ISQA 436 Fall 2006 Mark Freeman
Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle SQL Developer For the DBA Jeff Smith
Oracle Database Administration. Rana Almurshed 2 course objective After completing this course you should be able to: install, create and administrate.
Database Administration Chapter 16. Need for Databases  Data is used by different people, in different departments, for different reasons  Interpretation.
Introduction to Oracle Backup and Recovery
Maintaining a Microsoft SQL Server 2008 Database SQLServer-Training.com.
Database Planning, Design, and Administration Transparencies
15 Copyright © 2005, Oracle. All rights reserved. Performing Database Backups.
Sofia, Bulgaria | 9-10 October SQL Server 2005 High Availability for developers Vladimir Tchalkov Crossroad Ltd. Vladimir Tchalkov Crossroad Ltd.
Backup & Recovery Backup and Recovery Strategies on Windows Server 2003.
Oracle9i Performance Tuning Chapter 1 Performance Tuning Overview.
15 Copyright © 2007, Oracle. All rights reserved. Performing Database Backups.
The protection of the DB against intentional or unintentional threats using computer-based or non- computer-based controls. Database Security – Part 2.
A Guide to Oracle9i1 Database Instance startup and shutdown.
Chapter 1 Introduction to Databases. 1-2 Chapter Outline   Common uses of database systems   Meaning of basic terms   Database Applications  
Chapter No 4 Query optimization and Data Integrity & Security.
Prepared By Prepared By : VINAY ALEXANDER ( विनय अलेक्सजेंड़र ) PGT(CS),KV JHAGRAKHAND.
Advanced Databases DBA: Security and Backups Guide to Oracle 10g 1.
Database Administration
Database Security. Multi-user database systems like Oracle include security to control how the database is accessed and used for example security Mechanisms:
Database Security Cmpe 226 Fall 2015 By Akanksha Jain Jerry Mengyuan Zheng.
3 Copyright © 2005, Oracle. All rights reserved. Creating an Oracle Database.
Greenlight Presentation Oracle 11g Upgrade February 16, 2012.
Data Confidentiality Oracle Security Do Tri Tuc
18 Copyright © 2004, Oracle. All rights reserved. Backup and Recovery Concepts.
Database Security. Multi-user database systems like Oracle include security to control how the database is accessed and used for example security Mechanisms:
Difference between DBMS and File System
TEXT BOOK: DATABASE ADMINISTRATION: THE COMPLETE GUIDE TO PRACTICES AND PROCEDURES CRAIG S. MULLINS Database Administration(IS4511) Sana azzam
Database Administration Advanced Database Dr. AlaaEddin Almabhouh.
1 Copyright © 2005, Oracle. All rights reserved. Oracle Database Administration: Overview.
ORACLE's Approach ORALCE uses a proprietary mechanism for security. They user OLS.... ORACLE Labeling Security. They do data confidentiality They do adjudication.
Customer pulse Why Stretch? How Stretch works? Core Stretch scenarios Demo QA.
Azure SQL Database Updates
Chapter 6 Database Administrator (DBA)
Blackboard Security System
Database recovery contd…
Smarter Technology for Better Business
Oracle structures on database applications development
DBA 5/20/2018 Like a policeman or teacher
Exadata and ZFS Storage at Nielsen
Database Security.
Oracle Database Administration
What, When, Why, Where and How SCC maintains your Oracle database
Maximum Availability Architecture Enterprise Technology Centre.
Performing Database Backups
Database Security.
Managing Multi-user Databases
Introduction of Week 6 Assignment Discussion
CHAPTER 5: PHYSICAL DATABASE DESIGN AND PERFORMANCE
Transparent Data Encryption (TDE)
Database Management System (DBMS)
Raytheon Missile Systems Steve Lacy
Re-Indexing - The quest of ultimate automation
Oracle Architecture Overview
ISYS366, Database Administration II
Performing Tablespace Point-in-Time Recovery
How to Mitigate the Consequences What are the Countermeasures?
IT and Development support services
Prepared by Jaroslav makovski
AWS S3 Cloud Backup Licensing per system Starting at $79 per year.
Designing IIS Security (IIS – Internet Information Service)
Protect data in core business applications
Presentation transcript:

ENCRYPTION with Oracle Advanced Security

Oracle Advanced Security – Why Encrypt? To protect sensitive data from unauthorized disclosure or use Examples of sensitive data are; Personally Identifiable Information (PII) Social Security Number Name Address Birthdate Federal Taxpayer Information (FTI) Information provided by the IRS or other federal agency, to include SSN, etc.

Oracle Advanced Security – Encryption Methods Data should be encrypted both at rest and in transit At rest - protects the data at the disk level so if our actual database files were stolen they would be unreadable.  In transit - protects our data as it travels from the source to the database and back

Oracle Advanced Security Oracle Advanced Security provides two important controls to protect sensitive data Transparent Data Encryption (TDE) TDE stops would-be attackers from bypassing the database and reading sensitive information directly from storage by enforcing data-at-rest encryption in the database layer. On-the-fly Redaction of Display Data Data Redaction complements TDE by reducing the risk of unauthorized data exposure in applications, redacting sensitive data before it leaves the database. Together these two controls form the foundation of Oracle’s defense- in-depth, multi-layered database security solution

Encryption – What we encrypted Oracle allows both Column level and Tablespace encryption Column Level – most useful when sensitive data is limited and confined to very few tables Tablespace Level – should be used when sensitive data exists throughout the database

Encryption – How we decided what type to use We used tablespace level encryption for all of our applications including the ones in the IOT Oracle Shared Environment because: This offered the best protection for all data The applications were not designed to keep PII in specific tables There are restrictions on using Column Level Encryption – see the Oracle Advanced Security Administrators Guide Overall performance of the database is better when encrypted and non encrypted data is not mixed

Encryption – Steps taken to Prepare for this task The DBA Team dug into the Oracle Advanced Security Administrator’s Guide. Determined the type of encryption we were going to utilize. Column level, tablespace level Determined necessary steps encrypt the data Create a wallet, create encrypted tablespace, import data, etc Created a test plan: Determined what portion of the online applications we wanted to test Determined what batch processes we want to test and secured test data Determined how we were going to gather metrics and measure results

Encryption – Performance Expectations Oracle states in the Oracle Advanced Administrator’s Guide performance could be degraded by up to 8% To determine the impact on our applications, we measured; On-line SQL statements Execution times for large queries through on-line interfaces Execution times for large batch processes It is important to note that the most important thing to test is batch processing. We were concerned that performance impact would lengthen the nightly batch processing window.

Encryption – What we found Performance varied between databases. Some third party software products do not work well with Oracle Encryption and it is stated in their documentation (IBM Filenet, etc) We did experience some performance impact on very complex SQL Overall operation of the applications was not affected because; Hardware was right-sized to absorb some degradation Data was reorganized as we laid it down into the brand new tablespaces We ‘tuned’ parts of the database where impact was measurable It took around 10 hours to do just the encryption work for a 600GB database (not including backups)

Encryption –Timeline for Production Implementation Start approx. 5:40 pm on 8/21/15 Finish approx. 10:00 pm on 8/22/15 Approx. 29 hours

Encryption – Implementation Tasks Scheduled the outage with all key players (Business and Technical) Completed the production schedule for the day Shut down all front-end pieces of the applications and put up maintenance pages Ensured no processes remained connected to the database Performed 3 back-ups so have multiple ways for a recovery if needed. MSDOS Cold Backup, RMAN Cold Backup (IOT took these), Full Export Dropped the appropriate schemas and tablespaces

Encryption – Implementation -- continued Re-created tablespaces Re-created the schemas and associated the new encrypted data tablelspaces to them Imported the data into the new encrypted tablespaces Brought Applications back-up Smoke testing performed by test team Released our system back to the public

Encryption – Costs Involved Licensing Oracle Advanced Security for our production RAC Clusters cost just over $100,000 Man Hours DBA’s – 300 (research and implementation) Development team - 80 (staging and executing batch tests) Test Team – 120 (executing scripts, validating results)

Acknowledgements Contributors to our success DWD Executive team IOT DBA Team DWD DBA Team DWD Test Team DWD Development Team

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.