Hi All,

Wish you all a Happy New year ' 09..

I am working on oracle security (data in rest (file systems) and in motion (network encryption) ) for SAP systems with Oracle database.

Here is my initial analysis

1. Data stored in rest (File system) - Oracle 10g (10.2.0.4) provides Transparent Data Encrytion which is supported by SAP also - please correct me if i am wrong.

2. Data in motion (Network Encryption) - Oracle provides few parameters which needs to be added in sqlnet.ora file (encryption and checksum parameters).

Would appreciate if you can clarify following doubts and provide information based on your experience:

a. Oracle Transparent Data Encryption works at column level only. So we need to first identify the respective tables and columns - and this will be a time consuming activity. Is there fast way to do that - i mean some sort of automating scripts which identifies critical tables and columns based on initial inputs.

b. With TDE, inspite of modifying specific tables, columns - can we encrypt the complete database - how much would be the performance impact (approx figures).

c. Except TDE, is there any other solution for oracle database encryption (data stored at disks/backup media) which is being supported by SAP systems.

d. How can i verify that oracle database has been encrypted when stored in file systems or backup media.

e. How can i verify that data transferred from oracle database to end user machine has been encrypted.

f. Please provide some case stuides / documentation on this.

Appreciate your patience for going through this and looking forward to hear from your experience/knowledge.

Best Regards

Davinderpal Singh