Transparent Data Encryption
Encyclopedia
Transparent Data Encryption (often abbreviated to TDE) is a technology employed by both Microsoft and Oracle to encrypt database content. TDE offers encryption at a column, table, and tablespace level. TDE solves the problem of protecting data at rest, encrypting databases both on the hard drive and consequently on backup media. Enterprises typically employ TDE to solve compliance issues such as PCI DSS
.
Microsoft offers TDE as part of its Microsoft SQL Server 2008.
Oracle requires the Advanced Security Option for Oracle 10g and 11g to enable TDE. Oracle TDE addresses encryption requirements associated with public and private privacy and security mandates such as PCI and California SB1386. Oracle Advanced Security TDE column encryption was introduced in Oracle Database 10g Release 2. Oracle Advanced Security TDE tablespace encryption and support for Hardware Security Module
s (HSM) were introduced with Oracle Database 11gR1. Keys for TDE can be stored in a (HSM) to manage keys across servers, protect keys with hardware, and introduce a separation of duties.
The same key is used to encrypt columns in a table, regardless of the number of columns to be encrypted. These encryption keys are encrypted using the database server master key and are stored in a dictionary table in the database.
PCI DSS
The Payment Card Industry Data Security Standard is an information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards....
.
Microsoft offers TDE as part of its Microsoft SQL Server 2008.
Oracle requires the Advanced Security Option for Oracle 10g and 11g to enable TDE. Oracle TDE addresses encryption requirements associated with public and private privacy and security mandates such as PCI and California SB1386. Oracle Advanced Security TDE column encryption was introduced in Oracle Database 10g Release 2. Oracle Advanced Security TDE tablespace encryption and support for Hardware Security Module
Hardware Security Module
A hardware security module is a type of secure cryptoprocessor targeted at managing digital keys, accelerating cryptoprocesses in terms of digital signings/second and for providing strong authentication to access critical keys for server applications...
s (HSM) were introduced with Oracle Database 11gR1. Keys for TDE can be stored in a (HSM) to manage keys across servers, protect keys with hardware, and introduce a separation of duties.
The same key is used to encrypt columns in a table, regardless of the number of columns to be encrypted. These encryption keys are encrypted using the database server master key and are stored in a dictionary table in the database.
External links
- Understanding Transparent Data Encryption (TDE) (Microsoft)
- Using Transparent Data Encryption in Oracle Database 11g
- Oracle Transparent Data Encryption best practices
- TDE column encryption and TDE tablespace encryption in Oracle Database 11gR1
- Integration Guide: Oracle Database 11g TDE (Thales)
- http://download.oracle.com/docs/cd/B19306_01/network.102/b14268/asotrans.htm#BABDFHHH
- TDE with PCI