Encryption at Rest
Important: This feature is only available if it is enabled for your account.
Encryption at Rest is Oracle Responsys' solution to "data at rest encryption". Encryption at Rest provides security for data in files that are saved on disk (or at rest) by encrypting that data. Using Oracle Transparent Data Encryption (TDE) technology, Encryption at Rest encrypts Responsys data to prevent access from unauthorized users. For Responsys accounts with security mandates to protect their data at rest from unauthorized access, Encryption at Rest offers advanced data protection.
Oracle Transparent Data Encryption (TDE) Technology
Oracle TDE prevents attacks from users attempting to read sensitive data from tablespace files and users attempting to read information from acquired disks or back ups by denying access to clear text data. Oracle TDE technology uses two-tier encryption key architecture to enforce clear separation of keys from encrypted data. The encryption keys for this feature are all managed by Oracle TDE. The encryption algorithm used is AES128.
For detailed information about Oracle TDE, see Oracle Transparent Data Encryption FAQs.
File Encryption
Encryption at Rest encrypts files stored on disk in the Oracle Responsys Customer Database, Event Database, and Data Warehouse. Some of the files encrypted include:
- Database archive files
- Non-database files that may include data (email addresses for example)
- Secondary AFTM database files (includes the failover database used by AFTM)
Content Library files are not encrypted. Data files residing in other applications exchanged between a Responsys integration are not encrypted by this feature.
Enabling Encryption at Rest
Existing accounts must first be migrated to an Oracle TDE database before this feature can be enabled, this migration requires downtime of approximately 24 hours.
New accounts are enabled for Encryption at Rest on an Oracle TDE database by default. Additionally, for new accounts encryption at rest is fully enabled for the account and the appropriate settings are configured.
Important: Enabling Encryption at Rest is irreversible. Once accounts are hosted in an Oracle TDE database, disk files are automatically encrypted and this process cannot be reversed.