What is database encryption?
Many times, sensitive data like credit card numbers, social security numbers, medical records, etc., are kept in a database. And we need to safeguard those data from data theft.
Usually, to preserve data confidentiality in a database, we enforce access control policies. However, access control policies are not always enough to ensure data protection. To give an example, an intruder can hack the information system and try to collect data from the data footprint on disks.
Database encryption is the process of converting the data within the database into some ciphertext using encryption keys and suitable algorithms. Database encryption ensures even if the attackers break through the firewall and bypass the access control policies, they would need encryption keys to decipher the data.
Why do we need database encryption?
Data encryption normally can be performed at various levels – storage level, application level, or database level.
Storage Level Encryption can encrypt data in files or directories at the Operating System level. It is good enough to protect data at rest. However, the storage subsystem has no knowledge of database objects and structure. So, the encryption strategy cannot be related to user privileges. Moreover, encrypting file selectively is quite risky, as one should ensure that no replica of sensitive data remains unencrypted.
In Application Level Encryption, data encryption is done within the application that introduces data in the database. Data is sent encrypted from the application to the database. As a result, it remains encrypted in the database and gets decrypted again in the application layer after the data is retrieved from the database. However, the problem with this technology is that applications need significant modifications to adopt this solution. Moreover, the attacker can hack the application and access unauthorized data. This solution induces performance overheads also.
Database-level encryption ensures data protection while inserting or retrieving data from the database. Using this technology, selective encryption is possible, and it can be done at various granularities like columns, tables, etc. Moreover, the encryption keys can be stored in a restricted table or file, encrypted by a master key, and that can ensure even stronger protection.
What is Transparent Data Encryption?
There are multiple technologies available for database-level encryption. One such technology is …
0 Comments