With today’s growing concerns regarding the security on BYO devices (BYOD) such as smartphones, tablets, and laptops; it is critical to ensure sensitive data is not exposed. Enacting security policies and procedures that help remove or reduce these concerns is mandatory in today’s world. Data Redaction is a new feature of the Oracle Advanced Security Enterprise Option introduced with version 12c. It is still a feature that must be licensed separately from Oracle Database Enterprise Edition 12c, but it goes a long way in helping with the enactment of your security policies.
An example of data redaction is something we have all seen when ordering something online at a website you’ve used before. When asked if you would like to use the Credit Card on file and will show something like the following;
This security feature removes sensitive information at the end user layer, before the end user sees it, but without removing or changing the data in the database. This is done with easy to create policies and with minimal resource usage.
According to Oracle, this security feature prevents data columns (such as credit card numbers, Social Security numbers, and other sensitive or regulated data) from being displayed. Sensitive display data can be redacted at runtime on live production systems with minimal disruption to running applications and without altering the actual stored data. Different types of redaction are supported and you can conceal entire data values or redact only part of the value.
What’s the difference between Data Masking and Redaction? Oracle Data Masking Pack is mainly used for non-production environments to mask data sets in bulk. However, Data Redaction is used in production environments for redacting data in applications, without having to make changes to the application itself.
Oracle Advanced Security with Oracle Database 12c is available on both new and legacy applications that need to limit exposure of sensitive data without invasive application changes. Oracle Data Redaction was also a feature added during the patch for Oracle Database 11g Release 2 (220.127.116.11), back-ported from Oracle 12c R1.