Protecting Sensitive Data in the Siebel Database
It's recommended that you protect sensitive application data in the Siebel database by encrypting the data. You can choose to encrypt the following:
Specific database fields
Specific database tables
The entire database
Siebel CRM supports field-level encryption of sensitive information stored in the Siebel database, for example, credit card numbers or national identity numbers. You can configure Siebel CRM to encrypt field data before it's written to the Siebel database and decrypt the same data when it's retrieved. This configuration prevents attempts to view sensitive data directly from the Siebel database.
Siebel CRM supports data encryption using Advanced Encryption Standard (AES). By default, data encryption isn't configured. It's recommended that you set data encryption for business component fields using Siebel Tools. For information on encrypting data, see Communications and Data Encryption.
When field-level encryption is implemented, data isn't decrypted until it's displayed by a user who has the necessary privileges to view the data. The data remains encrypted even when it's loaded into memory, which increases data security. However, using field-level encryption affects performance.
As an alternative to field-level encryption, you can secure sensitive data using products such as the following:
Transparent Data Encryption. If you're using a Microsoft or Oracle database with Siebel CRM, then you can use the Transparent Data Encryption feature to encrypt data in the Siebel database. Oracle databases support the use of Transparent Data Encryption to encrypt data at the column and tablespace level. Microsoft databases support the use of Transparent Data Encryption to encrypt data at the cell and database level.
Transparent Data Encryption encrypts data when it's written to the database and decrypts it when it's accessed by Siebel CRM. Application pages are decrypted as they're read and are stored in memory in clear text. Because the data isn't encrypted when it's being sent to Siebel CRM, you must also enable TLS to protect communications between the server and clients. The performance impact of implementing Transparent Data Encryption is minimal.
Oracle Database Vault. If you're using an Oracle database with Siebel CRM, then you can use Oracle Database Vault to restrict access to all the schemas and objects in your application database, or to individual objects and schemas by users, including users with administrative access to the database.
Oracle Database Vault lets you define a Realm, a protection boundary, around all or some objects in your database. The database administrator can work with all the objects within the Realm but can't access the application data that they contain. This restriction protects your data from insider threats from users with extensive database privileges.
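The following queries are an added example, not part of the original Siebel documentation. They let an Oracle DBA confirm that the Transparent Data Encryption and Database Vault protections described above are actually in effect for Siebel data. The schema name SIEBEL is an assumption (substitute your Siebel table owner), and the last query requires Oracle Database Vault to be installed.

```sql
-- Added example. Assumption: Siebel tables are owned by a schema named SIEBEL.
-- Run as a user with access to the DBA_* and V$ views.

-- 1. Keystore (wallet) state. TDE can't encrypt or decrypt data
--    unless STATUS is OPEN.
SELECT wrl_type, status
FROM   v$encryption_wallet;

-- 2. Tablespace-level TDE. Lists every tablespace that holds Siebel
--    segments with its encryption flag; rows with ENCRYPTED = 'NO'
--    sort first and mark data files that are stored in clear text.
SELECT t.tablespace_name, t.encrypted
FROM   dba_tablespaces t
WHERE  t.tablespace_name IN (SELECT DISTINCT s.tablespace_name
                             FROM   dba_segments s
                             WHERE  s.owner = 'SIEBEL')
ORDER  BY t.encrypted, t.tablespace_name;

-- 3. Column-level TDE. Lists the Siebel columns encrypted individually
--    and the algorithm used. A sensitive column that is missing here
--    and sits in an unencrypted tablespace (query 2) has no TDE
--    protection at all.
SELECT table_name, column_name, encryption_alg, salt
FROM   dba_encrypted_columns
WHERE  owner = 'SIEBEL'
ORDER  BY table_name, column_name;

-- 4. Database Vault. Shows which Realm, if any, covers objects in the
--    Siebel schema. No rows means privileged database users can still
--    read the application data.
SELECT realm_name, owner, object_name, object_type
FROM   dvsys.dba_dv_realm_object
WHERE  owner = 'SIEBEL'
ORDER  BY realm_name, object_name;
```

These queries only cover TDE and Database Vault; Siebel field-level encryption is applied by the application and doesn't appear in these views.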