Hello there, oracle experts.
My client of mine wants to deploy an application that has to hold credit card numbers in a database. The client is obviously concerned with security.
We are particularly concerend with one painful issue. How can we make sure that only authorized users with a 'business need to know' are allowed to access the data? How can we protect the data from the DBA?
One obvious solution is to encrypt at the application level. We don't want to do that.
An oracle product that came up as a possible solution is Orace TDE (Transparent Data Encryption). It seems to cover the on-disk encryption case well. However, there have been disputing claims if it can be used to hide data from someone with DBA privileges.
I want to be very specific about the use case we're dealing with. We have an up and running application, 24/7/365, that is doing data access constantly. That means that the Oracle wallet is open and data is being decrypted by the database. AT THE SAME TIME a DBA should still be unable to access the data.
I know that Oracle is marketing Oracle Database Vault for this very issue. Given that all I want to do is block DBA access from just one particular table, do I really need the Vault or can I use TDE?
Assistance would be much appreciated,
Or