(If the system administrator and its own security policy administrator can be managed separately, isn’t this the same as what D’Amo offers?)
It is true that Oracle’s 10g supports Transparent Data Encryption (TDE). With the TDE feature it is possible to work with the encrypted data using the export/import function which supports data encryption. However, if you have the authority to use the appropriate SELECT operation, you can automatically decrypt data without a separate authorization for decrypting encrypted tables. In other words, a 10g database administrator can easily decrypt any encrypted data at will using the SELECT operation.
As such, if the DBA account and password are exposed (due to hacking, etc.) important information can be compromised. Also, 10g cannot support SEED, a domestic algorithm widely used by the public and financial sectors. On top of buying the Oracle software, an extra expense of $20,000 per CPU is required.
With D’Amo, in order to access encrypted data the user must have the authority to SELECT the corresponding table and then, depending on the account, can also be granted a separate authorization for decryption. D’Amo also carries out detailed internal access control allowing authorization only from specific IP addresses.
With D’Amo, even users with DBA authority must be granted a separate authority by the security administrator to be able to query encrypted data. Moreover, D’Amo provides a user friendly GUI to centrally administer and manage several databases while providing effective database management by fundamentally separating the database management from security management.