Following the numerous recent security breaches in the news, many organizations are considering the need to encrypt their enterprise data, especially sensitive data that contains personally identifiable information (Social Security Numbers are a good example) and financial information such as credit card numbers. With Oracle, we suggest Oracle Encryption using the Oracle Advanced Security Option. The ASO Option is a straight forward, no-code solution for data encryption to protect data throughout its life cycle. Implementing ASO is fairly easy, and you don’t need to change your current applications in order to incorporate the encryption of data. ASO also helps encrypt the backup data with advanced encryption algorithms. You can also use ASO’s network encryption capability to ensure that data flowing between an Oracle client and the database listener is protected. Advanced encryption also helps encrypt the export files from a database that contain sensitive data. There are several ways to configure the encryption of data – you can encrypt at the tablespace level or at the column level.
You can use Oracle Wallets to store the encryption keys, or use third-party Hardware Security Modules to store the encryption keys. I recommend Hardware Security Modules – they help generate and store encryption keys and work better than Oracle Wallets.
Database performance following data encryption is always a key concern – you must build valid test cases for encrypted data and minimize the performance impact by designing effective indexing strategies. A well designed encryption strategy should have a minimal impact on the performance of a database.