As part of PCI-DSS (Payment Card Industry - Data Security Standards), we are required to encrypt sensitive data in the database. I am hoping I can get some guidance/recommendations on how to go about this. Below are the points that we have started upon:
1. Solution identified should span various versions of Oracle Databases (11g & 12c) as our data is spread across multiple applications using diverse versions of Oracle Database.
2. This being a generic requirement - are there known solutions for how data is encrypted and stored so that direct access to data does not reveal sensitive info, while the access through applications decrypts and provides access?
3. Are there solutions to mask sensitive data?
I am hoping these solutions are granular at column level and am exploring some options on using PL/SQL under DB view based access - but was afraid of reinventing the wheel and wanted to check with the community on recommendations/experiences.