KNOW MORE ABOUT Database Encryption
What is Database Encryption
Database encryption is the technology used data protection from databases. Encryption can applied to the contents through native database functions or externally with third party tool.
Database encryption can be classified in two basic types:
Transparent/External Encryption – term for the encryption of the entire database. This is provided by native encryption functions within the database engine. Some database vendors offer column and table level granularity, but it is increasingly common to apply encryption to all the data. It’s called ‘transparent’ database encryption because it is invisible to the applications and users that use the data, and requires no changes to application logic. The principal use case is to prevent exposure of information due to loss of the physical media (disk, tape, etc.) or compromise of the database files in storage. Transparent encryption can also be handled through drive or OS/file system encryption, applying encryption on everything that gets written to disk.. Transparent encryption protects the database from users without database credentials, but does not protect data from authorized users.
User/Data Encryption – term describes encrypting specific columns, tables, or even data elements within the database. It is called ‘user’ encryption because the objects being encrypted are owned and managed on a per-user basis. Tokenization also falls into this category. The classic use case for this encryption model is encrypting credit card numbers within a database. The goal is to provide protection against inadvertent disclosure, or to enforce separation of duties on credentialed users of the database. The downside is that these variants are not invisible to the application and usually require code and database changes. The concept is to encrypt only the highly sensitive data the companies are worried about, reducing the overall performance impact, and minimizing code and database changes. How this is accomplished depends on how key management is handled, the use of internal vs. external encryption services, and how applications use the database.
- Granular protection—Retain ownership of data throughout its life cycle with granular file- or column-level encryption.
- Centralized administration—Simplify security administration and control costs with centralized management of keys, policies, and configurations.
- Controlled access—Ensure regulatory compliance and reduce risks by setting policies for separation of administrative duties.
- Productivity empowered—Encrypt information transparently, without disrupting business operations, database performance, or the end-user experience
Database Encryption technology delivers powerful protection for the sensitive corporate and customer information stored in databases. With Database Encryption technology, organizations have the flexibility to encrypt data at multiple levels and during multiple processes. Database Encryption technology helps to facilitate secure collaboration with comprehensive protection of the structured data. With Database Encryption technology, organizations gain the flexibility to encrypt data at the file, or column, level in databases, within the application layer, and during batch-driven data transformation and transaction processes.
Most regulatory mandates require the separation of security administration from database administration to avoid the risks of “super-user” access. Database Encryption technology allows for “M of N” policies, which prevent any single administrator from making critical configuration changes without additional approvals of other administrators.