Database 12c Data Redaction

Redaction or Masking of data is done to hide sensitive information, like credit card no and ssn etc, from prying eyes.

Prior to Oracle 12c in order to perform redaction and display a card no 1234-5678-8765-4321 in the form of 1234-****-****-4321 required the developer to code the masking code as a part of the application.

With data redaction this masking of the data has been moved from the application side to the database side. Thus allowing the developers to focus more on their coding task without worrying about securing the data.

Data Redaction does not have any performance degradation.

Difference between Data Masking and Data Redaction

Traditionally to hide data in the database level oracle used to implement Data Masking technology. Then the question arises how is data masking different from data redaction?

In case of Data Masking the original block was kept a copy of it was created and the masking policy was applied on top of it thus there was in a way multiple copies of the data that was getting stored in the database.

As can be seen above a copy of block1 is being created first and then it is being masked.

Data Redaction on the other hand applies the redaction policy on the fly that is the data is stored in its original format in the database but when requested by the application when requested by the application Oracle will mask it applying the redaction policy at run time and provide the encrypted data to the application.