With Oracle Database 11g, shall I use TDE column encryption or TDE tablespace encryption?
Use TDE tablespace encryption if any of the following is true: • You are running Oracle Database 11g Release 2 Patchset 1 (11.2.0.2) on Intel® XEON® 5600 CPUs with AES-NI and like to experience ‘near-zero impact’ stored data protection with TDE tablespace encryption • You cannot find all columns with sensitive content • Data type and/or data length of sensitive column is not supported by TDE column encryption • Sensitive column is used as foreign key • Applications perform range scans over indexed, encrypted columns • You need index types other than B-tree over encrypted columns •
Use TDE tablespace encryption if any of the following is true: • You are looking for the most performant encryption solution. TDE tablespace encryption has better, more constant performance characteristics in most cases. Moreover, tablespace encryption in particular leverages hardware-based crypto acceleation where it is available, minimizing the performance impact even further to the ‘near-zero’ range. Support for hardware-based crypto accelaration is available in Oracle Database 11g Release 2 Patchset 1 (11.2.0.2) for Intel® XEON® 5600 CPUs with AES-NI.
