We can encrypt columns on a table as well as encrypt the entire tablespace and backups. There is a performance overhead associated with the encryption/decryption process as encrypted columns cannot be used in Index scans. TDE works by setting wallet and generating a key/password to access data as it will be needed to de-crypt the data. Hackers will therefore need this key in order to de-crypt and as such the data is useless to them if hacked. In this exercise, we will encrypt a column on a table as well as tablespaces in the database incorporated with datapump.
In summary, hackers can’t read data on datafiles if TDE is set properly