Werner Still

@oow15 - Cloud and security

Blog Post created by Werner Still Employee on Oct 28, 2015

Quick update on Cloud security. Oracle Cloud uses TDE (Transparent Data Encryption) to secure data on disk. With this functionality the keys for the data are stored on the DB server as well (although in another location). This way it is not really secure with respect to US Government access.


There seems to be a "wipe out" option that deletes the key and all in-memory references to the key and the related data. This can be used by the client to "shred" all the data, even if it resides on disk.
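The two points above (key stored on the same server as the data, and wiping the key to "shred" the data) can be modelled in a few lines. This is an added example, not Oracle code: `DbHost`, the key id `mk1` and the sample row are hypothetical, and the HMAC-SHA256 stream cipher is a stand-in for a real cipher such as AES.

```python
import hashlib, hmac, secrets

def _sub(key, label):
    # Derive separate encryption and MAC subkeys from the master key.
    return hmac.new(bytes(key), label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Toy stream cipher (HMAC-SHA256 in counter mode); stand-in for AES.
    enc_key, out = _sub(key, b"enc"), bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(enc_key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key, nonce, plaintext)
    tag = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or corrupted ciphertext")
    return _xor_stream(key, nonce, ct)

class DbHost:
    """Constructed model: everything held here is reachable with access to the DB server."""
    def __init__(self):
        self.keystore = {"mk1": bytearray(secrets.token_bytes(32))}  # key, co-located
        self.datafile = {}                                           # ciphertext on disk

    def insert(self, row_id, plaintext):
        self.datafile[row_id] = seal(self.keystore["mk1"], plaintext)

    def read_with_host_access(self, row_id):
        # No client secret is involved: key and ciphertext sit on the same machine.
        key = self.keystore.get("mk1")
        return unseal(key, self.datafile[row_id]) if key else None

    def wipe_key(self):
        key = self.keystore.pop("mk1")
        key[:] = bytes(len(key))  # best-effort zeroing of the in-memory copy

def demo():
    host = DbHost()
    host.insert(1, b"constructed sample row: account=4711")
    before = host.read_with_host_access(1)
    host.wipe_key()
    # The ciphertext is still on disk, but nothing on the host can open it now.
    return before, host.read_with_host_access(1), host.datafile[1]
```

Python cannot guarantee that no other copy of the key remains in process memory, so the zeroing in `wipe_key` only illustrates the idea of removing in-memory references.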


An option to transfer keys on data access does not seem to be planned, so there will be a considerable possibility to get access to the data.


I'm not aware of a solution to this problem, either within Oracle or in any other Cloud environment that needs to work with databases. Given this, Oracle seems to have a state-of-the-art solution. That is, until there are CPUs that can operate on encrypted data and the key transfer is very secure.