August 20, 2012
The UTS DBA Team is taking advantage of some new features in Oracle 11g to provide a higher level of protection for sensitive data. Features like Transparent Data Encryption add an extra layer of data protection that addresses some concerns related to requirements such as HIPAA compliance.
The offering isn't designed to be the only level of data protection and still relies on application logging for auditing and other security procedures as defined by OIT.
Per Oracle, "Transparent data encryption enables you to encrypt individual table columns or an entire tablespace. When a user inserts data into an encrypted column, transparent data encryption automatically encrypts the data. When users select the column, the data is automatically decrypted. After the selection, the data is re-encrypted."
Transparent data encryption helps protect data stored on media in the event that the storage media or data file gets stolen, because it stores the encryption keys in a security module (that is, a wallet) external to the database. Protecting data from this type of theft is required for most compliance regulations. The benefit of using transparent data encryption is that it requires little coding and is quick and easy to implement.
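The column-level and tablespace-level options described above look like this in Oracle 11g. This is an added example, not the UTS DBA Team's configuration: the table, tablespace, datafile path and wallet password are hypothetical placeholders, and it assumes a wallet directory is already set through ENCRYPTION_WALLET_LOCATION in sqlnet.ora.

```sql
-- Added example; all object names, paths and the password are hypothetical.
-- Assumes ENCRYPTION_WALLET_LOCATION in sqlnet.ora points at an existing directory.

-- One-time setup: create the master key (and the wallet, if it does not exist yet).
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "<wallet_password>";

-- After each instance restart the wallet must be opened before encrypted data is usable.
ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "<wallet_password>";

-- Option 1: encrypt individual columns. Only the marked column is encrypted on disk.
CREATE TABLE patient_demo (
  patient_id NUMBER PRIMARY KEY,
  last_name  VARCHAR2(60),
  ssn        VARCHAR2(11) ENCRYPT USING 'AES256'
);

-- An existing column can be encrypted in place.
ALTER TABLE patient_demo MODIFY (last_name ENCRYPT);

-- Option 2: encrypt an entire tablespace. Every segment created in it is encrypted.
CREATE TABLESPACE secure_demo_ts
  DATAFILE '/u01/oradata/DEMO/secure_demo_ts01.dbf' SIZE 100M
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

-- Applications need no changes: inserts and selects work as before,
-- but only while the wallet is open.
INSERT INTO patient_demo VALUES (1, 'Doe', '000-00-0000');  -- constructed sample row
SELECT patient_id, ssn FROM patient_demo;

-- Checks a DBA or auditor can run to confirm what is actually protected.
SELECT wrl_type, wrl_parameter, status FROM v$encryption_wallet;

SELECT owner, table_name, column_name, encryption_alg, salt
  FROM dba_encrypted_columns;

SELECT tablespace_name, encrypted
  FROM dba_tablespaces
 WHERE encrypted = 'YES';
```

Because any session with SELECT privilege still sees plaintext while the wallet is open, these settings protect data files and backups at rest and do not replace access control or auditing.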
If you have a project that would benefit from an encrypted database for compliance reasons (or paranoia), feel free to reach out to the UTS DBA Team for more information. The team is available at dba@emory.edu, or you can visit their public wiki at https://wiki.service.emory.edu/display/infrastructure/Database+Administration.