HSM on Demand for Oracle TDE


Cloud-based HSM service for secure storage of Oracle TDE encryption keys

Encryption keys are generally stored locally with the database for performance and scalability reasons, but this raises the problem of how to protect the keys that were used to encrypt the data. The solution is to encrypt the local encryption keys, commonly referred to as Data Encryption Keys (DEKs), with a Key Encryption Key (KEK), or master key, that resides in the HSM on Demand service key vault. This ensures that only authorized services are allowed to request that the DEK be decrypted. If an attacker steals the database, its content remains encrypted and inaccessible, because the attacker does not have access to the HSM on Demand for Oracle TDE where the KEK is kept.

Key Features

  • Oracle TDE data encryption keys are encrypted with a master key
  • HSM on Demand service key vault ensures protection of the master key
  • Only authorized services are allowed to request the DEK to be decrypted
  • Encrypt local encryption keys (DEK) with Key Encryption Key (KEK)

Benefits

  • Optimal performance
  • Scalable solution
  • Fully automated service orchestration
  • Focus on your business, not managing security hardware and software

Thales Data Protection on Demand Services - Solution Brief

Thales Data Protection on Demand is a cloud-based platform that provides a wide range of Cloud HSM and CipherTrust Cloud Key Management services through a simple online marketplace. With Luna Cloud HSM and CipherTrust Cloud Key Management services on Data Protection on Demand ...

Configure your Oracle Standard/TDE/RAC Database to generate and secure application encryption keys using a Luna Cloud HSM Service —Technical Document

Configure your Oracle Standard/TDE/RAC Database to generate and secure application encryption keys using a Luna Cloud HSM Service. The Luna Cloud HSM Service provides full key life-cycle management with FIPS-certified hardware and reduces the cryptographic load on the host server CPU.

Oracle Transparent Data Encryption (TDE) Database Integration Guide

TDE allows you to encrypt sensitive data in database table columns or application tablespaces. We recommend securing the columns on the Oracle database with TDE using an HSM on Demand service for the following reasons:

Storing Oracle Database Secrets in a Hardware Keystore—Technical Document

Secrets are data that support internal Oracle Database features that integrate external clients, such as Oracle GoldenGate, into the database.