This guide describes how to integrate and use Thales e-Security Security World software (or Security World software) and Thales e-Security nShield Hardware Security Modules (or HSMs) with an Oracle database. This provides data-at-rest encryption for sensitive information held by the Oracle database. Both multitenant and non-multitenant Oracle database types are supported.
Oracle database software, and Thales Security World software with nShield HSMs, can be independently installed on the same host server. They can then be configured to interoperate through a single library interface that requires very little setup. It is possible to support multiple database instances on the same host server, while each database instance is restricted to access only its own encryption keys.
Integrated Oracle and Thales technology has been tested to support Oracle TDE tablespace encryption and TDE column encryption (and both concurrently). Thales nShield HSMs are certified to FIPS 140-2 (level 3) to deliver a high grade of security assurance. Functionality includes protection of sensitive encryption keys and support for offload of encryption and key management operations.