Oracle Data Redaction
Published by: Obay Salah, November 20, 2024
Data redaction is the process of selectively removing or obfuscating sensitive or confidential information from databases. Oracle Data Redaction provides a way to redact data returned by queries.
You can redact column data using one of the following methods:
- Full Redaction: You can redact all the contents of the column data. The redacted value returned from the query to the user depends on the column's data type. For example, columns of NUMBER data type are redacted to zero (0), and character data types are redacted to a single space.
- Partial Redaction: Redacts part of the column's data. For example, you can redact a social security number with asterisks (*), except for the last four digits.
- Regular Expressions: You can use regular expressions to search for patterns in data that need to be redacted. For example, you can use regular expressions to redact email addresses, which may have varying lengths of characters. This is designed for use with personal data only.
- Random Redaction: The redacted data presented to the user of the query application appears as randomly generated values each time it is displayed, depending on the column's data type.
- Nullify Redaction: This type redacts all data in the column and replaces it with a NULL value.
- No Redaction: No redaction is applied. This option can be used to test the internal operation of your redaction policies without affecting query results against tables that have redaction policies applied. You can use this option to test the redaction policy definitions before applying them in a production environment.
Data Redaction is transparent to application users because it preserves the original data. It is also highly transparent to the database: the data remains unchanged in the database and in storage, and is modified only at the last moment before SQL query results are returned to the caller. Redaction is enforced consistently across all applications that use the same underlying database.
You can specify which application users should see only the redacted data by checking the application user's information passed to the database via the SYS_CONTEXT function. You can redact data based on the current database attributes or the application user, and you can implement multiple logical conditions within a given redaction policy. Furthermore, redaction is implemented in a way that minimizes the performance burden. These features make Oracle Data Redaction particularly well suited for use across a variety of applications, analytical tools, reporting tools, and monitoring tools that share common production databases.
Oracle Database enforces redaction at runtime, when users access the data (i.e., when the query is executed). This solution works well in a production environment. While data is being redacted, all data processing is performed normally, and constraints are maintained.
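The partial and regular-expression methods and the SYS_CONTEXT condition described above, combined in one policy. This is an added example, not code from the original article: the APP.CUSTOMERS table, its SSN and EMAIL columns, the policy name and the HR_ADMIN account are assumptions.

```sql
-- Added example. APP.CUSTOMERS, SSN, EMAIL, REDACT_CUSTOMER_PII and HR_ADMIN
-- are hypothetical names. Run as a user with EXECUTE on DBMS_REDACT.
BEGIN
  -- Partial redaction. SSN is assumed to be VARCHAR2 in the form NNN-NN-NNNN.
  -- Format string: input layout, output layout, mask character, first and last
  -- digit position to mask. Digits 1-5 become '*', the last four stay visible.
  DBMS_REDACT.ADD_POLICY(
    object_schema       => 'APP',
    object_name         => 'CUSTOMERS',
    policy_name         => 'REDACT_CUSTOMER_PII',
    column_name         => 'SSN',
    function_type       => DBMS_REDACT.PARTIAL,
    function_parameters => 'VVVFVVFVVVV,VVV-VV-VVVV,*,1,5',
    -- Redact for every session except the one privileged account.
    expression          => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') != ''HR_ADMIN''');

  -- Regular-expression redaction on a second column of the same policy.
  -- The predefined pattern matches an email address; the predefined
  -- replacement hides the part before the '@' and keeps the domain.
  DBMS_REDACT.ALTER_POLICY(
    object_schema         => 'APP',
    object_name           => 'CUSTOMERS',
    policy_name           => 'REDACT_CUSTOMER_PII',
    action                => DBMS_REDACT.ADD_COLUMN,
    column_name           => 'EMAIL',
    function_type         => DBMS_REDACT.REGEXP,
    regexp_pattern        => DBMS_REDACT.RE_PATTERN_EMAIL_ADDRESS,
    regexp_replace_string => DBMS_REDACT.RE_REDACT_EMAIL_NAME,
    regexp_position       => DBMS_REDACT.RE_BEGINNING,
    regexp_occurrence     => DBMS_REDACT.RE_FIRST);
END;
/

-- Run once as HR_ADMIN and once as another user to compare the results;
-- the stored rows are identical in both cases.
SELECT ssn, email FROM app.customers;

-- Review what is actually in force: the condition, and the method per column.
SELECT object_owner, object_name, policy_name, expression, enable
  FROM redaction_policies
 WHERE object_name = 'CUSTOMERS';

SELECT column_name, function_type, function_parameters, regexp_pattern
  FROM redaction_columns
 WHERE object_name = 'CUSTOMERS';
```

Sessions that hold the EXEMPT REDACTION POLICY system privilege see the actual values regardless of the policy expression, so include the holders of that privilege when reviewing a policy.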
Data redaction can help you comply with industry regulations such as the Payment Card Industry Data Security Standard (PCI DSS) by, for example, helping restrict access to cardholder data based on the company's need to know.