Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

6/29/2009
11:23 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Oracle Applications Now Certified With Oracle's Data Encryption Feature

Oracle Advanced Security, an option to Oracle Database 11g Enterprise Edition, transparently encrypts all application data stored in an Oracle Database tablespace

REDWOOD SHORES, Calif., June 29 /PRNewswire-FirstCall/ --

News Facts

-- Continuing to deliver comprehensive data protection to the Oracle E-Business Suite, Oracle's PeopleSoft Enterprise, Oracle's Siebel CRM and Oracle's JD Edwards EnterpriseOne application customers, Oracle today announced that Oracle(R) Advanced Security, an option to Oracle Database 11g Enterprise Edition, transparently encrypts all application data stored in an Oracle Database tablespace. -- Customers that use the Transparent Data Encryption feature of Oracle Advanced Security can now encrypt entire data sets used by Oracle Applications for data privacy protection and to help meet regulatory requirements. -- By transparently encrypting application data using Oracle Advanced Security, customers can deploy quickly and implement greater data protection across their applications using efficient transparent encryption and decryption inside their Oracle Database.

Full Encryption for Sensitive Oracle Application Data

-- Oracle's Transparent Data Encryption provides increased protection for application data stored in the database (tablespace), without requiring enterprises to know which fields contain sensitive or regulated data, helping reduce deployment time and effort. -- It enables strong data privacy through the use of standards-based encryption algorithms such as Advanced Encryption Standard (AES) and Triple Data Encryption Standard (3DES), as well as built-in key management with support for industry leading Hardware Security Modules. -- Since Oracle's Transparent Data Encryption automatically performs all cryptographic operations inside the Oracle Database, no costly and time consuming changes to existing applications are required. -- Customers can secure their application data with confidence, knowing the tablespace encryption and decryption operations are performed transparently and efficiently at the Oracle Database I/O layer. -- Oracle Advanced Security also works with Oracle Advanced Compression enabling Oracle Database 11g customers to encrypt application data after compression -- providing both data protection and storage savings. -- By encrypting data at rest in the database as well as when it leaves the database over the network or during backups, Oracle Advanced Security provides a cost-effective solution for data in transit and at rest encryption. -- Part of Oracle's comprehensive portfolio of database security solutions, Oracle Advanced Security helps organizations comply with privacy and regulatory mandates such as Payment Card Industry (PCI) Data Security Standard (DSS), Sarbanes-Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA) as well as numerous breach notification laws.

Supporting Quotes

"Oracle Applications drive many of the business processes in the enterprise and their data must be protected. Being able to efficiently and transparently encrypt application data in the database tablespace makes Transparent Data Encryption very easy to deploy," said Vipin Samar, vice president of Database Security, Oracle. "Using the Transparent Data Encryption feature of Oracle Advanced Security in conjunction with Oracle Database 11g, customers can now efficiently encrypt not just select fields or columns, but all the application data - enabling a greater level of data privacy protection."

"New data privacy regulations are being introduced worldwide and existing regulations are being expanded to address increased threats to data," said Gary Loveland, PricewaterhouseCoopers' Advisory principal and security practice leader in the US. "Over the years, we've seen requirements to expand protection around critical data such as medical data, personal identifiable information, and credit card information. There is no doubt that in 2010 even more data will need to be protected. Being able to encrypt all application data efficiently is a big benefit to organizations in terms of keeping up with business needs and staying ahead of regulatory requirements."

Supporting Resources

-- Oracle Applications -- Oracle Advanced Security -- Oracle Transparent Data Encryption Best Practices -- Oracle E-Business Suite Technology Blog -- Oracle Security Inside Out Blog -- Download a free, evaluation version of Oracle Database 11g. Terms, conditions and restrictions apply.

About Oracle Database Security

For more than 30 years, Oracle has led the industry in securing sensitive data. Oracle Database 11g addresses today's data security challenges from data encryption, access control, and data classification, to audit and compliance reporting, as well as secure deployments and data masking. The comprehensive portfolio of security options for Oracle Database 11g, including Oracle Advanced Security, Oracle Database Vault, Oracle Label Security, Oracle Data Masking, and Oracle Audit Vault, helps organizations to transparently safeguard against data breaches and to achieve regulatory compliance without requiring changes to existing applications. To learn more about how to protect data with Oracle Database 11g today, please visit: http://www.oracle.com/database/security.

About Oracle

Oracle (Nasdaq: ORCL) is the world's largest business software company. For more information about Oracle, please visit our Web site at http://www.oracle.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Human Nature vs. AI: A False Dichotomy?
John McClurg, Sr. VP & CISO, BlackBerry,  11/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: -when I told you that our cyber-defense was from another age
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-3350
PUBLISHED: 2019-11-19
masqmail 0.2.21 through 0.2.30 improperly calls seteuid() in src/log.c and src/masqmail.c that results in improper privilege dropping.
CVE-2011-3352
PUBLISHED: 2019-11-19
Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context ...
CVE-2011-3349
PUBLISHED: 2019-11-19
lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation.
CVE-2019-10080
PUBLISHED: 2019-11-19
The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE) and reveal information such as the versions of Java, Jersey, and Apache that the NiFI ...
CVE-2019-10083
PUBLISHED: 2019-11-19
When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not recursively). The response included details about processors and controller services which the user may not have had read access to.