I often speak with organizations that need to employ encryption and external key management for multiple relational databases they are using to store encrypted data. Often this is a combination of Oracle and Microsoft SQL Server databases.
Transparent Data Encryption (TDE) is used within both the Microsoft SQL Server and Oracle Database universes to provide encryption services at the tablespace level. Many companies employ TDE and external encryption key management to meet the concept of "Separation of Duties" as required by PCI DSS and other compliance regulations. Also, TDE is often easier to implement than column level encryption that may require programming changes to your application layer.
If you're running versions of Microsoft SQL server that don’t support EKM, don't worry. You can still take advantage of the added features and security of using an external key manager with our encryption key management HSM, Alliance Key Manager (AKM). AKM fully supports the entire Microsoft SQL Server product line. You’ll just have make some programming changes to your application code to perform the necessary API calls to the key manager and you'll be set up to do key retrieval. To help you with the process, we provide sample code and the .Net key retrieval assemblies to add to your project. Additionally, we have C# and VBNET sample code that shows how to retrieve a key from the key server.
Much like Microsoft SQL Server, in the land of Oracle you need to be running Oracle Enterprise Edition with the Advanced Security option. This can often be a pricey upgrade and I find that quite a few organizations would rather do column level encryption due to this fact.
For more information on the importance of encryption key management, download our white paper "Key Management in the Multi-Platform Envrionment" and learn how to overcome the challenges of deploying encryption key management in business applications.