Encrypting Data-at-Rest

An Oracle database manages your data but at the end of the day the data resides within a set of operating system fi les. Th ese fi les are protected through fi le permissions. A privileged user or an attacker who has managed to bypass the fi le system that is enforcing these permissions has access to these fi les and can access the data even if they have no permission to do so directly through an Oracle connection. Th e fi les contain the data, and access to the fi les implies access to the data. Th is is the fundamental problem that encryption of data-at-rest within an Oracle environment solves. If you keep the sensitive data encrypted, then access to the fi les does not mean that the sensitive data is available.