Skip to Main Content
  • Questions

  • TDE Column vs TDE tablespace when to use

Breadcrumb

Question and Answer

Connor McDonald

Thanks for the question, Lal.

Asked: September 19, 2018 - 4:03 am UTC

Last updated: March 27, 2019 - 7:20 am UTC

Version: 12.2.0.1

Viewed 1000+ times

You Asked

Hi,

I have gone through the TDE column and TDE tablespace encryption. Most cases TDE tablespace option is found to be better compared to TDE column option.

Wanted to know what advantage TDE column encryption gives or rather the use cases for TDE column encryption over TDE tablespace encryption.


and Chris said...

The advantage of using TDE column is you only have the encryption/decryption overhead when accessing that column.

Say you only have 1-2 columns that you want to encrypt. And you access these (relatively) rarely. This may give you better performance than tablespace level encryption.

That said, I'd only go with column-level encryption if performance is critical for you. The overhead for TDE tablespace is low (test on your DB to find your impact!).

And TDE column has many restrictions:

Do not use TDE column encryption with the following database features:

- Index types other than B-tree
- Range scan search through an index
- Synchronous change data capture
- Transportable tablespaces
- Columns that have been created as identity columns

In addition, you cannot use TDE column encryption to encrypt columns used in foreign key constraints.

https://docs.oracle.com/en/database/oracle/oracle-database/18/asoag/configuring-transparent-data-encryption.html#GUID-9A78E72B-D9D9-4BA2-BFEF-11C0060B6F91

Tablespace-level also saves you time analyzing which columns store sensitive data. Everything's encrypted. So you don't need to debate what to encrypt (or not).

Rating

  (1 rating)

Is this answer out of date? If it is, please let us know via a Comment

Comments

Ani, March 26, 2019 - 5:06 am UTC

What is the use in terms of Space . We have observed in column level encryption its taking more space.

Can you please explain whether it will take more space on Tablespace Encryption..?
Connor McDonald
March 27, 2019 - 7:20 am UTC

We add "salt" (extra data) to the column text before encrypting it. You have some control over this, but by default, its an increase to the data.

An excellent FAQ is here

https://www.oracle.com/technetwork/database/security/tde-faq-093689.html


...yeah, and thanks for the 2 out of 5 stars. Man...tough crowd :-)
more

Connor and Chris don't just spend all day on AskTOM. You can also catch regular content via Connor's blog and Chris's blog. Or if video is more your thing, check out Connor's latest video and Chris's latest video from their Youtube channels. And of course, keep up to date with AskTOM via the official twitter account.

More to Explore

Administration

Need more information on Administration? Check out the Administrators guide for the Oracle Database