Encrypt the Oracle database


I have a database which has sensitive data. I want to find a way to keep it safe from any changes applied by the DBA. My question comes in two parts:
1- Is there any way to trace the changes and modifications applied directly in the database (changes at the table level)?
2- Could we encrypt the data so that it is unreadable in the tables? And how can I keep the encryption formula away from people who access the database directly (not through an application)?
johnsone (Senior Oracle DBA) commented:
There are ways to audit changes, but realistically, any DBA can delete those audit records.

I think what you are looking for is database vault.  Very restrictive and even DBAs cannot get to data that you do not want them to.  It requires a new role, which is the vault administrator.  It shouldn't be a DBA or it defeats the purpose of what you are trying to do.

Basically, no matter what you do, someone has full access to everything.  Database vault can mitigate some of that, but as I recall the vault administrator still has access to all the data as the vault administrator controls the access.

slightwv (Netminder) commented:
I agree with johnsone that Database Vault is probably what you are after.

Yes, you can audit and somewhat protect the records from the DBA if you audit to the OS.  Then the records are sort of protected by the sys admin.

Yes, you can encrypt the data at several different levels.  Data at rest, backups and even in the active columns.

>>someone has full access to everything
This is the one place I do disagree.  I'm pretty confident you can tighten things down to such a level that no single person has all the keys to get everything.

Since you'll need to buy Oracle Vault, I would contact your Oracle Account Team directly.  They will be able to go over all of your requirements and explain exactly what you need.

I would start with the available information.  This paper has one example but seems to also have several useful links about additional security:
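As an added illustration (not code from either participant), the Oracle SQL below sets up the two controls discussed in this thread: traditional auditing written to the OS and forwarded to syslog, so the audit records sit outside the DBA's reach, and TDE column encryption whose master key lives in an external keystore managed under the SYSKM privilege rather than by the DBA. The table `hr.salaries`, the keystore path and the passwords are placeholders; the keystore location is assumed to be configured (WALLET_ROOT or sqlnet.ora) beforehand.

```sql
-- 1. Audit table-level changes to the operating system, not to database tables.
--    AUDIT_TRAIL=OS writes records under AUDIT_FILE_DEST; AUDIT_SYSLOG_LEVEL
--    additionally forwards them to the OS syslog facility, which the system
--    administrator controls. Both need an instance restart to take effect.
ALTER SYSTEM SET audit_trail = OS SCOPE = SPFILE;
ALTER SYSTEM SET audit_syslog_level = 'LOCAL0.INFO' SCOPE = SPFILE;
-- SYSDBA/SYSOPER session activity always goes to the OS trail once enabled.
ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE = SPFILE;

-- After the restart: record every insert, update and delete on the
-- sensitive table (hr.salaries is a placeholder name), one record per statement.
AUDIT INSERT, UPDATE, DELETE ON hr.salaries BY ACCESS;

-- 2. Transparent Data Encryption on the sensitive column.
--    Run as a user holding SYSKM (ideally not the DBA). The master key never
--    leaves the keystore, so someone reading the datafiles or backups directly
--    sees only ciphertext. Placeholder path and password below.
ADMINISTER KEY MANAGEMENT CREATE KEYSTORE '/etc/oracle/wallet/placeholder'
  IDENTIFIED BY "<keystore-password>";
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN
  IDENTIFIED BY "<keystore-password>";
ADMINISTER KEY MANAGEMENT SET KEY
  IDENTIFIED BY "<keystore-password>" WITH BACKUP;

-- Encrypt the column in place; existing rows are rewritten as ciphertext.
ALTER TABLE hr.salaries MODIFY (salary ENCRYPT USING 'AES256');

-- Verify what is encrypted and with which algorithm.
SELECT owner, table_name, column_name, encryption_alg, salt
  FROM dba_encrypted_columns
 WHERE owner = 'HR' AND table_name = 'SALARIES';
```

TDE protects the data at rest (datafiles, backups, exports) but a user who can already query the table through the database still sees plaintext; keeping privileged users out of the rows themselves is what Database Vault realms add, as the thread notes.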
johnsone (Senior Oracle DBA) commented:
I'm pretty sure that even with Database Vault, there still has to be someone with all access (or the ability to give it to themselves).  You can lock it down to the point where it is difficult to do it, but as far as I know it is still possible to get access to everything.
slightwv (Netminder) commented:
>>there still has to be someone with all access

In this day and age, no one trusts anyone!

I'm not 100% sure you can keep everyone out of the data.  I don't have a paper/link that spells out exactly how to do it.  Just going from an Oracle Security Seminar I recently attended where it was mentioned that it was possible.

Even if someone might have all access, you can protect audit data from that person so you can see what they were doing.

Separation of duties has seen a lot of renewed effort and new tools over the last few years due to a few highly publicized insider breaches.

I'm betting that given enough $$$, it is impossible for a single person to cover their tracks.
johnsone (Senior Oracle DBA) commented:
No, nobody trusts anyone.

I have lived through so many separation of duties issues I don't want to recall them all.

One place where I was, we had a database vault installation and many controls in place around that database.  I know that we (the DBAs) couldn't see data in the tables that were protected by the vault, but the vault administrator controlled the access.  From what I understood, the vault administrator could (in theory anyway) give access to anyone (including themselves).  It was likely to get caught in an audit as they wouldn't have access to remove their tracks.  But cross training of at least one DBA (in case the vault administrator was out or unavailable) gave access back to one person.  There isn't enough work to justify more than one vault administrator, and someone else needs to know it in case something breaks.