Oracle

About Oracle

Oracle is the world’s most complete, open, and integrated business software and hardware systems company. For more than three decades, Oracle has been helping customers manage business systems and information with reliable, secure, and integrated technologies. Oracle continues to strive to connect all levels of enterprise technology to help customers access the knowledge they need to respond to market conditions with speed and agility. Oracle offers several applications that integrate effectively with Thales crypto management and authentication solutions to provide users with powerful data protection solutions.

Solutions

Within Oracle environments, Oracle offers a native encryption functionality called transparent data encryption (TDE). While TDE provides encryption, it is an incomplete strategy by itself due to local database encryption key storage and management. This is especially true if regulatory compliance is a consideration, because TDE encryption keys are stored locally in software on the same server as the database.

Fortunately, Thales solves this problem for TDE customers with its CipherTrust Manager enterprise key management platform. Separating encryption keys from the encrypted data is a best practice and the foundation of an effective and compliant encryption strategy. Organizations that choose Oracle TDE can secure and manage their database encryption keys with CipherTrust Manager to ensure that an encrypted database cannot be accessed without CipherTrust Manager authentication. This barrier to entry both secures data and serves as a deterrent to any would-be attackers.

The adoption of Oracle Cloud Infrastructure (OCI) continues to grow exponentially. A successful migration to OCI from legacy on-prem implementations requires that organizations first address the security of their sensitive data. While OCI’s native encryption allows organizations to securely move sensitive data to OCI, it also has new administrative and compliance implications. To extract the full value of OCI, organizations need to find a way to maintain control of their sensitive data and streamline their security administration. Fortunately, Thales together with Oracle ease the challenges of managing the protection of sensitive data once it is migrated to OCI.

Control your data and encryption keys for digital sovereignty and meet compliance requirements

Thales’ CipherTrust Cloud Key Management (CCKM) provides visibility and streamlined security administration. The integration of OCI External Key Management Service (EKMS) with CCKM gives organizations the ability to physically store their keys outside of OCI and use a single pane of glass to seamlessly manage the encryption key lifecycle for OCI Services and other cloud encryption solutions. OCI offers key management with integrated visibility and security to secure data in the cloud. OCI encryption combined with CCKM gives organizations seamless end-to-end security. To enable customer control of encryption keys, Thales solutions include Oracle Native Key Management, Bring Your Own Key (BYOK) and Hold Your Own Key (HYOK) Services.

Oracle Transparent Data Encryption (TDE) provides the infrastructure necessary for implementing encryption within the database. It enables organizations to encrypt sensitive application data, such as credit card numbers, on storage media (table columns or tablespaces) in a way that is completely transparent to the application. It encrypts the data in the data files so that, if they are obtained by other parties, the clear-text data cannot be accessed. In databases where TDE is configured, any user who has access to an encrypted table can see the data in clear text, because Oracle transparently decrypts the data for any user who has the necessary privileges.

This solution can be used within Oracle Exadata, which is an optimized, high-performance platform designed for organizations that handle extremely large quantities of data quickly.

TDE uses a two-tier encryption key architecture consisting of:

  • A master encryption key that is used to encrypt secondary keys used for column encryption and tablespace encryption.
  • One or more table and/or tablespace keys. These keys are used to encrypt one or more specific columns or the keys used to encrypt tablespaces. There is only one table key regardless of the number of encrypted columns in a table and it is stored in the data dictionary. The tablespace key is stored in the header of each data file of the encrypted tablespace.

The table and tablespace keys are encrypted using the master key. The master key is stored in an External Security Module (ESM) that can be one of the following:

  • An Oracle Wallet – a secure container outside of the database. It is encrypted with a password.
  • CipherTrust Manager – a device used to secure keys and perform cryptographic operations. Oracle interfaces to the device using a PKCS#11 library supplied by the CipherTrust Manager vendor.

CipherTrust Manager provides a secure location for storing the TDE master encryption key. Thales PKCS#11 provides an industry-standard interface that enables the Oracle database to communicate with CipherTrust Manager.
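The two-tier hierarchy described above, modeled as an added Python example (not Oracle or Thales code): `ExternalKeyManager` is a hypothetical stand-in for the external module that holds the master key, and the HMAC-SHA256 keystream is a stand-in cipher chosen only so the code runs with the standard library. It shows that the database side keeps only a wrapped table key, and that rotating the master key re-wraps that small key without re-encrypting the stored data.

```python
import hashlib
import hmac
import secrets


def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


def _stream_xor(key, nonce, data):
    """Stand-in cipher (HMAC-SHA256 keystream XOR), an assumption; not TDE's algorithm."""
    stream = b"".join(_mac(key, nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


class ExternalKeyManager:
    """Hypothetical external module: the master key never leaves this object."""
    def __init__(self):
        self._master = secrets.token_bytes(32)

    def wrap(self, key):
        nonce = secrets.token_bytes(16)
        ct = _stream_xor(self._master, nonce, key)
        return nonce + ct + _mac(self._master, nonce + ct)

    def unwrap(self, blob):
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, _mac(self._master, nonce + ct)):
            raise ValueError("wrapped key does not verify under the current master key")
        return _stream_xor(self._master, nonce, ct)

    def rotate(self, wrapped_keys):
        keys = [self.unwrap(w) for w in wrapped_keys]
        self._master = secrets.token_bytes(32)  # fresh master key; stored data is untouched
        return [self.wrap(k) for k in keys]


def demo():
    km = ExternalKeyManager()
    table_key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    stored = _stream_xor(table_key, nonce, b"4111 1111 1111 1111")  # constructed sample value
    old_wrapped = km.wrap(table_key)  # the only form of the table key the database keeps
    (new_wrapped,) = km.rotate([old_wrapped])
    clear = _stream_xor(km.unwrap(new_wrapped), nonce, stored)  # same ciphertext still decrypts
    try:
        km.unwrap(old_wrapped)  # blob wrapped under the retired master key
        stale_ok = True
    except ValueError:
        stale_ok = False
    return clear, stale_ok
```

`demo()` returns the recovered column value and whether a blob wrapped under the retired master key still unwraps.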

Oracle Secure Global Desktop is a secure remote access solution providing access to applications running on Microsoft Windows, Linux, Oracle Solaris and mainframe servers from a wide variety of popular client devices, including Windows PCs, Macs, Linux PCs, and tablets such as the Apple iPad and Android-based devices. Oracle Secure Global Desktop allows administrators the freedom to use a single solution to provide secure access to a variety of applications and desktop environments in the data center. SafeNet Trusted Access raises the identity assurance level of users accessing Global Desktop with multi-factor authentication solutions that protect identities and ensure that individuals are who they claim to be.

Building on Thales’s award-winning authentication service, SafeNet Trusted Access combines authentication and access management in a fully integrated cloud service. Our service lets you transform your business and operate securely in the cloud by preventing data breaches, simplifying access for users, and enabling compliance.

Our customers include over 25,000 organizations and 30 million users worldwide across all industries. Partnering with Thales for the long term, they trust our innovative access management and authentication services to help them securely adopt new ways of doing business on mobile, and in the cloud.

Oracle Solaris is an enterprise UNIX operating system that provides high performance, scalability, and reliability, and is optimized to run Oracle hardware, databases, and middleware. For remote access, its Pluggable Authentication Module (PAM) framework lets businesses “plug in” new authentication services without changing system entry services. SafeNet Trusted Access raises the identity assurance level of users accessing Solaris with multi-factor authentication solutions that protect identities and ensure that individuals are who they claim to be.

Oracle Access Manager provides the core functionality of sign on, authentication, authorization, centralized policy administration, agent management, and real-time session management and auditing for remote access. Built as a 100% Java solution, Access Manager provides rich functionality, extreme scalability and high availability, thereby increasing security, improving user experience and productivity, and enhancing compliance while reducing total cost of ownership. SafeNet Trusted Access raises the identity assurance level of users with multi-factor authentication solutions that protect identities and ensure that individuals are who they claim to be. SafeNet Trusted Access provides a cost-effective, innovative, unbeatable security solution that allows businesses to continue using their existing authentication systems.
