Oracle Advanced Security (OAS) is an Option that you can purchase for your Oracle databases. What exactly can OAS do for you? There are two key things that you can do with OAS: encrypt data “at rest” and encrypt data “in flight”.
The data at rest that OAS lets you protect is the data stored on your storage disks, whether in database storage or in backup storage. Since your database and backup data is stored on disks (and sometimes tapes), there is no saying when an unauthorized person can “peek” into confidential customer and company data. Security requirements such as those imposed by PCI-DSS, HIPAA and others stipulate that you encrypt sensitive information such as credit card numbers. You can use Transparent Data Encryption (TDE), which is included in the OAS Option, to encrypt sensitive data at a fine-grained “column” level.
You can also encrypt entire chunks of data or even an entire application, using TDE. Whether you encrypt at the fine-grained level or at a much higher, “tablespace” level, Oracle encryption is transparent and doesn’t require you to modify any of your applications – this isn’t a long-term project, unlike, say, Oracle Identity and Access Management. Once your DBA encrypts the data, Oracle writes only the encrypted data to disk storage – you can decrypt the data only if you can successfully pass the special authentication and access control checks at the application and database level. Oracle uses “encryption keys” to encrypt the data and it stores these keys in a secure location in storage, called an “Oracle Wallet”, or in a special hardware module supplied by leading security vendors such as Thales and SafeNet.
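The two TDE granularities described above, shown as an added example that is not from the original article or from Oracle's own material. It assumes Oracle Database 12c or later with the keystore (Oracle Wallet) already open and a master encryption key set; the table names, tablespace name, datafile path and sample row are hypothetical.

```sql
-- Assumption: keystore (Oracle Wallet) is configured; confirm it is OPEN first.
SELECT wrl_type, status FROM v$encryption_wallet;

-- Column-level TDE: only the sensitive column is encrypted on disk.
-- Columns are salted by default; a column that must be indexed needs NO SALT.
CREATE TABLE customer_cards (
  customer_id  NUMBER PRIMARY KEY,
  card_holder  VARCHAR2(100),
  card_number  VARCHAR2(19) ENCRYPT USING 'AES256'
);

-- Encrypt an additional column of an existing table in place.
ALTER TABLE customer_cards MODIFY (card_holder ENCRYPT USING 'AES256');

-- Tablespace-level TDE: every segment stored here is encrypted,
-- so tables need no per-column ENCRYPT clause.
CREATE TABLESPACE secure_ts
  DATAFILE '/u01/app/oracle/oradata/ORCL/secure_ts01.dbf' SIZE 100M
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

CREATE TABLE orders_secure (
  order_id     NUMBER PRIMARY KEY,
  customer_id  NUMBER,
  notes        VARCHAR2(400)
) TABLESPACE secure_ts;

-- Transparency check: an authorized session reads and writes cleartext
-- with unchanged SQL (constructed sample row using a test card number).
INSERT INTO customer_cards VALUES (1, 'Test Holder', '4111111111111111');
COMMIT;
SELECT card_number FROM customer_cards WHERE customer_id = 1;

-- Audit what is actually encrypted, for example as PCI-DSS evidence.
SELECT owner, table_name, column_name, encryption_alg, salt
  FROM dba_encrypted_columns;

SELECT t.name, e.encryptionalg, e.encryptedts
  FROM v$tablespace t
  JOIN v$encrypted_tablespaces e ON e.ts# = t.ts#;

SELECT tablespace_name, encrypted
  FROM dba_tablespaces
 WHERE tablespace_name = 'SECURE_TS';
```

The dictionary queries at the end are the quickest way to confirm that sensitive columns and tablespaces are actually covered, instead of relying on the DDL history.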
The OAS Option also helps you protect your data “in flight” by encrypting data that is flowing through your network. You can protect all data flowing to and from your Oracle databases with the Secure Sockets Layer (SSL)-based encryption offered by the OAS Option.