Core Business Services - Security and Auditing
Providing data privacy
Transparent database encryption is an essential part of providing end-to-end data privacy, enhancing the existing OpenEdge security features. However, data privacy is not an on/off solution. Each OpenEdge application must utilize and integrate the available security features to realize the optimal balance of security, performance, and administrative complexity for its situation.
Transparent Data Encryption operates on data at rest, using standard encryption libraries and encryption key management to provide transparent encryption of information in the database. Transparent Data Encryption protects data at the object level (table, index, LOB, type I area), so that one or some objects can be encrypted without encrypting the entire database. Protection is configured by defining policies, much as auditing levels are configured.
Using Transparent Data Encryption, data or index blocks written to disk are encrypted for safe storage, and data or index blocks read from disk are decrypted for use in memory. Data written to backups is encrypted, and binary dumps can be encrypted. This means that copies of the database, as well as encrypted backups or dumps, are also protected.
Encryption key management is critical to an encrypted database's security. OpenEdge Transparent Data Encryption includes both policy tools and a secure encryption key store. Encryption key storage is kept separate from the database so that a stolen copy of the database does not contain the data's encryption keys. The key store is itself encrypted, and access to it requires an account with a strong passphrase, which prevents unauthorized access and limits authorized access, further ensuring the safety of your data. See OpenEdge Key Store for details on the OpenEdge key store.