Most people are aware of Oracle’s Advanced Security Option (ASO), but many aren’t quite sure as to what exactly this option offers you. I know most people understand that data encryption is the most common reason one looks at the ASO option, but they aren’t quite sure how it works. They are also not completely aware of the other benefits of ASO.
The ASO data encryption feature is very flexible and fairly easy to implement. Unlike a homemade encryption solution, ASO lets you transparently encrypt data with no in house programming whatsoever. When you choose ASO to encrypt your data, you don’t have to encrypt all of your data in a given database. You can use Oracle’s Transparent Data Encryption (TDE) technology to encrypt just a set of tables (called a tablespace in Oracle lingo). You can also choose to encrypt just a specific column of data or a set of columns that hold sensitive data such as social security or credit card numbers.
In addition to enabling you to encrypt data in tables, ASO also lets you encrypt sensitive data stored on backup media such as tapes or disks. OAS can also encrypt all Oracle data export files.Thus, you protect all of your data that’s in storage or in use in active databases. Oracle offers support for leading strong authentication solutions such as PKI, Kerberos, and RADIUS-based authentication solutions.
The other great capability of OAS is its ability to protect all Oracle data that passes through the network channels, by encrypting the network traffic as well. Oracle offers a choice of powerful encryption algorithms and sophisticated encryption key management capabilities that end up making OAS a no nonsense, easy to manage encryption solution for both “data at rest” and “data in flight”.