Agile data masking to the encrypted Oracle database

  • 0
  • 1
  • Question
  • Updated 4 years ago
  • Answered
How to mask the encrypted Oracle database with Agile data masking ?
The encrypted database might be decrypted before masking...
Photo of HJ

HJ

  • 540 Points 500 badge 2x thumb

Posted 4 years ago

  • 0
  • 1
Photo of Jaclyn Schoof

Jaclyn Schoof, Community Manager

  • 5,092 Points 5k badge 2x thumb
Heungjae that is a great question! I'm reaching out to our developers to get an answer for you!
Photo of Michael Brown

Michael Brown

  • 1,540 Points 1k badge 2x thumb
Heungjae,

Masking is accomplished through an Extract-Transform-Load process. We read from the table(s) to be masked, modify the data in memory on the masking engine, and then update the data in the database. Thus, the data at rest is not decrypted. We use the same methods to access the data as any application would, specifically SQL over a JDBC connection.

Thank you for your question,

Michael
Photo of HJ

HJ

  • 540 Points 500 badge 2x thumb
Thanks, How to interface when using the column level encryption API not TDE ?
(Edited)
Photo of HJ

HJ

  • 540 Points 500 badge 2x thumb
Masking the encrypted database would be depend on how the encryption is applied.
Need more kindly answer.
Photo of Hubert Sun

Hubert Sun, Director, Development Engineering

  • 200 Points 100 badge 2x thumb
Hi Heungjae, can you you send a link to the "Column Level Encryption API" you are referring to? As Michael said, masking works at the user level. As long as the user you supply has permissions to read and write to the column, it will work.
Photo of HJ

HJ

  • 540 Points 500 badge 2x thumb
Hello, DBMS_CRYTPO is sample encrypttion API in Oracle http://docs.oracle.com/cd/B19306_01/appdev.102/b14258/d_crypto.htm#i1004146
Photo of Hubert Sun

Hubert Sun, Director, Development Engineering

  • 200 Points 100 badge 2x thumb
Official Response
The use of DBMS_CRYPTO is managed by the application, so it's not something that Agile Masking can handle out of the box. Depending on how it's used, Agile Masking could potentially be customized to handle data encrypted by DBMS_CRYPTO.

TDE works because the encryption/decryption process is transparent to the application/user.