Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

6/29/2009
11:23 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Oracle Applications Now Certified With Oracle's Data Encryption Feature

Oracle Advanced Security, an option to Oracle Database 11g Enterprise Edition, transparently encrypts all application data stored in an Oracle Database tablespace

REDWOOD SHORES, Calif., June 29 /PRNewswire-FirstCall/ --

News Facts

-- Continuing to deliver comprehensive data protection to the Oracle E-Business Suite, Oracle's PeopleSoft Enterprise, Oracle's Siebel CRM and Oracle's JD Edwards EnterpriseOne application customers, Oracle today announced that Oracle(R) Advanced Security, an option to Oracle Database 11g Enterprise Edition, transparently encrypts all application data stored in an Oracle Database tablespace. -- Customers that use the Transparent Data Encryption feature of Oracle Advanced Security can now encrypt entire data sets used by Oracle Applications for data privacy protection and to help meet regulatory requirements. -- By transparently encrypting application data using Oracle Advanced Security, customers can deploy quickly and implement greater data protection across their applications using efficient transparent encryption and decryption inside their Oracle Database.

Full Encryption for Sensitive Oracle Application Data

-- Oracle's Transparent Data Encryption provides increased protection for application data stored in the database (tablespace), without requiring enterprises to know which fields contain sensitive or regulated data, helping reduce deployment time and effort. -- It enables strong data privacy through the use of standards-based encryption algorithms such as Advanced Encryption Standard (AES) and Triple Data Encryption Standard (3DES), as well as built-in key management with support for industry leading Hardware Security Modules. -- Since Oracle's Transparent Data Encryption automatically performs all cryptographic operations inside the Oracle Database, no costly and time consuming changes to existing applications are required. -- Customers can secure their application data with confidence, knowing the tablespace encryption and decryption operations are performed transparently and efficiently at the Oracle Database I/O layer. -- Oracle Advanced Security also works with Oracle Advanced Compression enabling Oracle Database 11g customers to encrypt application data after compression -- providing both data protection and storage savings. -- By encrypting data at rest in the database as well as when it leaves the database over the network or during backups, Oracle Advanced Security provides a cost-effective solution for data in transit and at rest encryption. -- Part of Oracle's comprehensive portfolio of database security solutions, Oracle Advanced Security helps organizations comply with privacy and regulatory mandates such as Payment Card Industry (PCI) Data Security Standard (DSS), Sarbanes-Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA) as well as numerous breach notification laws.

Supporting Quotes

"Oracle Applications drive many of the business processes in the enterprise and their data must be protected. Being able to efficiently and transparently encrypt application data in the database tablespace makes Transparent Data Encryption very easy to deploy," said Vipin Samar, vice president of Database Security, Oracle. "Using the Transparent Data Encryption feature of Oracle Advanced Security in conjunction with Oracle Database 11g, customers can now efficiently encrypt not just select fields or columns, but all the application data - enabling a greater level of data privacy protection."

"New data privacy regulations are being introduced worldwide and existing regulations are being expanded to address increased threats to data," said Gary Loveland, PricewaterhouseCoopers' Advisory principal and security practice leader in the US. "Over the years, we've seen requirements to expand protection around critical data such as medical data, personal identifiable information, and credit card information. There is no doubt that in 2010 even more data will need to be protected. Being able to encrypt all application data efficiently is a big benefit to organizations in terms of keeping up with business needs and staying ahead of regulatory requirements."

Supporting Resources

-- Oracle Applications -- Oracle Advanced Security -- Oracle Transparent Data Encryption Best Practices -- Oracle E-Business Suite Technology Blog -- Oracle Security Inside Out Blog -- Download a free, evaluation version of Oracle Database 11g. Terms, conditions and restrictions apply.

About Oracle Database Security

For more than 30 years, Oracle has led the industry in securing sensitive data. Oracle Database 11g addresses today's data security challenges from data encryption, access control, and data classification, to audit and compliance reporting, as well as secure deployments and data masking. The comprehensive portfolio of security options for Oracle Database 11g, including Oracle Advanced Security, Oracle Database Vault, Oracle Label Security, Oracle Data Masking, and Oracle Audit Vault, helps organizations to transparently safeguard against data breaches and to achieve regulatory compliance without requiring changes to existing applications. To learn more about how to protect data with Oracle Database 11g today, please visit: http://www.oracle.com/database/security.

About Oracle

Oracle (Nasdaq: ORCL) is the world's largest business software company. For more information about Oracle, please visit our Web site at http://www.oracle.com.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.