-
Generally, people tend to think of encryption/ decryption processing load when DB is encrypted.
However, it is trivial to CPU loading capacity even though the load does exist.
The main factor is a Full Table Scan because it cannot support index search.
CubeOne is the product to enable index search using a patented technology, Advanced Indexing, with an encrypted table and index.
-
It does support Join search.CubeOne enables index search between “encrypted column and encrypted column” and “encrypted column and general column” using Index freely.
-
You can do as usual with CubeOne
-
In case there are jobs such as addition/deletion of columns in the encrypted table, you must use CubeOne Manager.
It will not operate properly using SQL*Plus or the DB tool.
-
It does completely.
The key to RAC organization is to be able to share encryption and decryption keys of specific encrypted columns as the same table is shared with many nodes.
CubeOne can manage the key at safe mode with a key distribution system. (The key is not stored in DB table or file.)
-
One of the many advantages of CubeOne is that there are no limitations in such construction.
Therefore, data such as Social Security No., account No., and name are encrypted without any limits and can be scanned with encrypted index, which is the best advantage of all.Currently, most sites are operational with Social Security numbers encrypted. -
A block algorithm is encrypted by 16 bytes, and if there are several of the same data (Ex., name), there is a risk of analogical interpretations since they are encrypted altogether without using IV.
Therefore, IV is necessary to increase security, even if they are the same data, to encrypt differently.
However, it becomes impossible even for a corresponding search in case of general products if IV is used, therefore, it can’t be used. In case of CubeOne, using Advanced Indexing function and IV, index search is possible with the table and index all encrypted.
-
It expands by 16 bytes depending on the length of the original data when encrypted with a block algorithm applied.
-
It is not necessary with CubeOne.
Before the completion of construction, since the original table is being used, you can terminate the process of CubeOne and delete an encrypted table under construction for simple completion.
This is enabled by no downtime construction structure of Cubeone
-
Data encryption is different depending on the size of table for encryption, numbers, columns, CPU Clock and number of systems. Generally, it takes a few days or some more than ten days to encrypt a database including data for all nationals. Therefore, it is difficult to introduce the encryption if DB service has to be suspended during the process. The big advantage of CubeOne is no downtime construction function. It is possible to construct without suspending DB service if using this function early or after construction or for additional encryption. Up until now, all sites with CubeOne have been constructed without any suspension.
12