Field Level Encryption with Oracle Integration and OCI Vault by Stan Tanev
Blog: PaaS Community
Integration platforms are often required to handle confidential information such as personal details, payment information or other data protected by compliance and regulatory standards such as HIPAA, GDPR, PII and PCI.
Various methods exist to protect data from unauthorized access while data is in transit and at rest. These approaches typically encrypt the entire payload. As a complementary approach Field Level Encryption has an important role to play by ensuring that only appropriately configured clients can read sensitive data fields. This approach also allows clients without the encryption keys to work with the non-sensitive data which would be impossible to do with a fully encrypted payload.
Although Field Level Encryption (FLE) is not natively supported in Oracle Integration (OIC) today, this blog will explore several options that will allow you to implement FLE with OIC. In this blog, I will present these options, discuss some guiding principles and showcase some sample implementations.
In the context of Oracle Integration, an implementation of Field Level Encryption should allow a developer to easily encrypt/decrypt individual field(s) as part of an integration flow. Let’s explore several use cases where this may be applicable:
- Oracle Integration may be required to receive or send encrypted information to other systems as part of a bigger data payload. For instance: OIC developers may be required to encrypt some but not all fields for a new hire sourced from Oracle HCM prior to sending them to an external system. Read the complete article here.
For regular information on Oracle PaaS become a member in the PaaS (Integration & Process) Partner Community please register here.