Contact Us

HSM On Demand for Oracle TDE

HSM On Demand for Oracle TDE

Ensure Oracle TDE data encryption keys are encrypted with a master key that resides within the HSM for optimal performance and scalability.

Cloud-based HSM service for secure storage of Oracle TDE encryption keys

Encryption keys are generally stored locally with the database for performance and scalability reasons but this introduces the challenge of how to protect the encryption keys that were used for data encryption. The solution is to encrypt the local encryption keys, commonly referred to as Data Encryption Keys (DEK) with a Key Encryption Key (KEK) or Master key that resides in the HSM On Demand service key vault. This ensures that only authorized services are allowed to request the DEK to be decrypted. If an attacker steals the database, the content of the database is encrypted and inaccessible as the attacker does not have access to the HSM On Demand for Oracle TDE where the KEK is kept.

Key Features

  • Oracle TDE data encryption keys are encrypted with a master key
  • HSM On Demand service key vault ensures protection of Master key
  • Only authorized services are allowed to request the DEK to be decrypted
  • Encrypt local encryption keys (DEK) with Key Encryption Key (KEK)

Benefits

  • Optimal performance
  • Scalable solution
  • Fully automated service orchestration
  • Focus on your business, not managing security hardware and software
 
SafeNet Data Protection On Demand Services Solution Brief

SafeNet Data Protection On Demand Services Solution Brief

With SafeNet Data Protection On Demand, security is made simpler.

View the Solution Brief

Resources

Oracle Database - Integration Guide

Learn about the detailed procedures on integrating your Oracle Database with an HSM on Demand service and enabling transparent data encryption (TDE).

Get this resource
 

Start Using SafeNet Data Protection On Demand

 
Sign Up Now