Cyber Security: Introduction to Oracle Encrypted Tablespace

Note: This is Part I in the Cyber Security series, by Vishal Khare.









Introduction

Since Oracle database release 11g, Oracle provides data encryption at the tablespace level. This feature allows the entire tablespace data to be encrypted, including all tables and indexes.

Tablespace encryption is a good alternative to TDE column encryption. Keep in mind that this feature does not encrypt data that is outside of the tablespace.

A big advantage is that only an authorized user can view or modify the data. The encryption is transparent to the individual application user, who has no visibility into whether the data in the tablespace is encrypted.












Implementation

To enable TDE tablespace encryption, the Oracle database version must be 11g release 1 or higher. Here are the high-level steps to configure it:

1. Create Oracle Wallet and set a master TDE key.
2. Create an encrypted tablespace using the clause "encryption default storage(encrypt)".
3. Create tables, specifying the TDE tablespace.

Oracle Wallet should be opened to query the table inside the encrypted tablespace.

You can view the newly created tablespace by joining the v$tablespace and v$encrypted_tablespaces views.
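The steps above as a SQL*Plus session on an 11g database, added here as an example and not taken from the original post. The tablespace, table, schema owner, file paths and wallet password are placeholders, and the session assumes ENCRYPTION_WALLET_LOCATION in sqlnet.ora already points at an existing directory.

```sql
-- Added example (not from the original post). All names, paths and the
-- password are placeholders. Assumes sqlnet.ora contains an entry such as:
--   ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)
--     (METHOD_DATA=(DIRECTORY=/u01/app/oracle/admin/ORCL/wallet)))
-- 11g syntax; 12c and later use ADMINISTER KEY MANAGEMENT for the wallet steps.

-- Step 1: create the wallet (if absent) and set the master TDE key.
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "ChangeMe_WalletPwd1";

-- After an instance restart the wallet is closed and must be reopened
-- before encrypted data can be read:
-- ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "ChangeMe_WalletPwd1";

-- Confirm the wallet status is OPEN before continuing.
SELECT wrl_type, wrl_parameter, status FROM v$encryption_wallet;

-- Step 2: create the encrypted tablespace (AES128 is used if no
-- algorithm is named).
CREATE TABLESPACE secure_ts
  DATAFILE '/u01/app/oracle/oradata/ORCL/secure_ts01.dbf' SIZE 100M
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

-- Step 3: create the table in the TDE tablespace. The primary-key index is
-- placed there explicitly; otherwise it is created in the owner's default
-- tablespace, which may not be encrypted.
CREATE TABLE card_holder (
  id          NUMBER PRIMARY KEY USING INDEX TABLESPACE secure_ts,
  full_name   VARCHAR2(100),
  card_number VARCHAR2(19)
) TABLESPACE secure_ts;

-- Verify: join the two views to list encrypted tablespaces and algorithms.
SELECT t.name, e.encryptionalg, e.encryptedts
FROM   v$tablespace t
JOIN   v$encrypted_tablespaces e ON e.ts# = t.ts#;

-- Audit check: segments of the application schema (APP_OWNER is a
-- placeholder) that still sit in unencrypted tablespaces.
SELECT s.owner, s.segment_name, s.segment_type, s.tablespace_name
FROM   dba_segments s
JOIN   dba_tablespaces ts ON ts.tablespace_name = s.tablespace_name
WHERE  s.owner = 'APP_OWNER'
AND    ts.encrypted = 'NO';
```

Rows returned by the last query are data that tablespace encryption does not cover, such as indexes or LOB segments created in another tablespace.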

Advantages

- This provides bulk encryption; there is no need for column-based encryption.
- All objects/data in the TDE tablespace are automatically encrypted.
- No modification is required at the application level.









Published on February 06, 2018 07:30