Oracle Information Integration, Migration, and Consolidation

You're reading from  Oracle Information Integration, Migration, and Consolidation

Product type Book
Published in Sep 2011
Publisher Packt
ISBN-13 9781849682206
Pages 332 pages
Edition 1st Edition

Security


As data volumes grow and more data is moving over the network because of cloud computing, security of data is becoming more important. The two major aspects of data security are data at rest and data in transit.

One solution for data at rest is to encrypt the sensitive data in the database and store the encryption keys in a separate location; without the keys, any stolen data is worthless. However, you must strike a balance between two contradictory concepts: the convenience with which applications can access encryption keys and the security required to prevent key theft. To comply with company and federal regulations, you need a solution immediately, without any complex coding. You can declare a column as encrypted without writing a single line of code. When users insert the data, the database transparently encrypts it and stores it in the column. Similarly, when users select the column, the database automatically decrypts it. This is done transparently without any change to the application code. Transparent data encryption of data at rest is becoming the norm in most relational database solutions.

Encryption of entire data devices or database storage units is another approach being taken. In the latest release of the Oracle Database (11g), it is possible to encrypt entire tablespaces. Tablespace encryption makes encrypting stored data easier, without any storage increase: you define a tablespace as 'encrypted' and use it to store your sensitive data. All major storage vendors, including EMC, NetApp, IBM, Hitachi, and Oracle/Sun, offer storage solutions with full disk encryption.
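The column and tablespace declarations described in the two paragraphs above look like this in Oracle Database 11g. This is an added example, not code from the book; the `app` schema, table and column names, datafile path, and wallet password are placeholders.

```sql
-- Added example: schema, tables, datafile path and password are placeholders.
-- One-time setup: create the master key in the wallet. The wallet is a file
-- outside the database (ENCRYPTION_WALLET_LOCATION in sqlnet.ora), which is
-- what keeps the keys separate from the data they protect.
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "wallet_password_placeholder";

-- After an instance restart the wallet must be reopened before any
-- encrypted column or tablespace can be read.
ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "wallet_password_placeholder";

-- Column-level TDE: the column is simply declared as encrypted.
-- Columns are salted by default and a salted column cannot be indexed;
-- declare ENCRYPT NO SALT for a column that needs an index.
CREATE TABLE app.customers (
  customer_id  NUMBER PRIMARY KEY,
  full_name    VARCHAR2(100),
  card_number  VARCHAR2(19) ENCRYPT USING 'AES256'
);

-- Encrypting a column of an existing table rewrites the stored values;
-- the application SQL that reads and writes the column does not change.
ALTER TABLE app.payments MODIFY (account_no ENCRYPT USING 'AES256');

-- Tablespace-level TDE: every segment stored here is encrypted on disk.
CREATE TABLESPACE secure_data
  DATAFILE '/u01/oradata/ORCL/secure_data01.dbf' SIZE 100M
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

-- In 11g an existing tablespace cannot be encrypted in place;
-- move the sensitive segments into the encrypted one instead.
ALTER TABLE app.orders MOVE TABLESPACE secure_data;

-- Checks: which columns and tablespaces are encrypted, and is the wallet open?
SELECT owner, table_name, column_name, encryption_alg, salt
  FROM dba_encrypted_columns;

SELECT tablespace_name, encrypted
  FROM dba_tablespaces
 WHERE encrypted = 'YES';

SELECT wrl_type, wrl_parameter, status
  FROM v$encryption_wallet;
```

Indexes on a table moved with `ALTER TABLE ... MOVE` become unusable and must be rebuilt, and a database user with SELECT privilege still sees plaintext: TDE protects the files and backups, not access through the SQL layer.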

Although most companies take measures to encrypt and secure their production data, often the developer, quality assurance, and performance testing groups have unencrypted versions of the production data. Data masking allows for selected columns or all columns in the database table to have functionally equivalent data that is not the actual customer production data. Data masking allows for production data to be copied to test environments while not impacting the ability to perform proper application and system testing.

Most companies do an adequate job of securing data at rest from outside forces and internal IT users. However, some of the most recent high-profile data breaches have been performed by IT personnel. This is why Oracle introduced the Oracle Database Vault. Oracle Database Vault addresses common regulatory compliance requirements and reduces the risk of insider threats by:

  • Preventing highly privileged users (DBA) from accessing application data

  • Enforcing separation of duty — providing controls over who, when, where and how applications, data, and databases can be accessed

Another product from Oracle, Oracle Audit Vault, transparently collects and consolidates audit data, providing valuable insight into 'who did what to which data and when', including privileged users who have direct access to the database. With Oracle Audit Vault reports, alert notifications, and centralized audit policy management, the risks from internal threat and the cost of compliance are greatly reduced. This type of tracking can identify when a DBA performs suspicious activity on sensitive data such as credit card numbers or customer bank account balances.
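The kind of "who did what to which data and when" question described above can be asked of a single database's standard audit trail, one of the sources Audit Vault consolidates. This is an added example, not code from the book and not Audit Vault's own interface; `app.customers` is a placeholder table and the one-day window is an arbitrary choice.

```sql
-- Added example: app.customers is a placeholder for a table that holds
-- sensitive data. Requires the AUDIT_TRAIL initialization parameter to be
-- set to DB (or DB,EXTENDED to also capture the SQL text).

-- Record every read and change of the sensitive table, one row per access.
AUDIT SELECT, UPDATE, DELETE ON app.customers BY ACCESS;

-- Who holding the DBA role touched the table in the last day, from where,
-- and did the statement succeed (returncode 0) or fail?
SELECT a.extended_timestamp,
       a.username,
       a.os_username,
       a.userhost,
       a.action_name,
       a.returncode
  FROM dba_audit_trail a
 WHERE a.owner    = 'APP'
   AND a.obj_name = 'CUSTOMERS'
   AND a.username IN (SELECT grantee
                        FROM dba_role_privs
                       WHERE granted_role = 'DBA')
   AND a.extended_timestamp > SYSTIMESTAMP - INTERVAL '1' DAY
 ORDER BY a.extended_timestamp;

-- Per-user summary to review or alert on: a DBA account with many reads
-- of an application table is worth a closer look.
SELECT a.username,
       a.action_name,
       COUNT(*)                  AS accesses,
       MIN(a.extended_timestamp) AS first_seen,
       MAX(a.extended_timestamp) AS last_seen
  FROM dba_audit_trail a
 WHERE a.owner    = 'APP'
   AND a.obj_name = 'CUSTOMERS'
   AND a.username IN (SELECT grantee
                        FROM dba_role_privs
                       WHERE granted_role = 'DBA')
 GROUP BY a.username, a.action_name
 ORDER BY accesses DESC;
```

Statements run as SYS or by SYSDBA connections do not appear in this view; they are written to operating system audit files only when `AUDIT_SYS_OPERATIONS` is TRUE. A DBA can also alter a local audit table, which is the reason for collecting the records into a separate, centralized store.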

Data in transit is typically secured using SSL or Virtual Private Networks (VPN). Major IT vendors provide their own product offerings for end-to-end security, from the client to the database server. Oracle application and database servers support major security standards and specifications in the areas of Java, JEE, web services, and so on. Oracle provides a Security Framework that is standards-based, and any third-party or custom-developed security product can be plugged in as a Service Provider. The Oracle framework also ships with default, out-of-the-box Service Providers.

Data at rest and in transit solutions from leading IT vendors will continue to be integrated into their hardware, software, database, network, and storage solutions. The more security is embedded in your IT infrastructure, as opposed to being separate software components, the more transparent and performant it will be.
