Today’s enterprise security teams are being tasked with supporting a rapid expansion of database encryption use cases. This paper offers a detailed look at why the demand for database encryption is growing more critical and more challenging to contend with.
The paper offers an overview of the key approaches required to address this increased demand, and it outlines the different types of encryption approaches—helping IT architects, CISO’s, and database security experts ensure they’re using the right tools for the right purposes. Finally, this paper offers a look at Thales’ extensive portfolio of data protection solutions, and reveals how these solutions enable security teams to address their database security objectives in an efficient, holistic manner.
Determining How to Encrypt Database Data
To address all the challenges outlined above, it’s essential for enterprise security teams to institute more strategic, enterprise-wide protection strategies. Therefore, security teams need to leverage platforms that provide central, efficient administration of keys and policies across the enterprise, while also having the diverse capabilities and flexible solutions required to institute encryption in the most effective manner for each unique use case.
Any solution employed needs to equip security teams with the following fundamental capabilities:
- Securing data and controlling access to that data.
- Applying strong controls to safeguard keys, and to efficiently manage them across the lifecycle.
- Storing and managing keys in a manner that is physically and logically isolated from data repositories.
Choosing the Right Approach for Each Use Case
When it comes to encrypting database data, security teams have a number of approaches and solutions to choose from. Decision makers need to select the solutions that address the most critical channels of attack, while also balancing factors like cost, integration and administration effort, and user service levels and convenience. Following is an overview of some of the approaches available and their relative strengths and weaknesses:
- Application-layer encryption and tokenization. By leveraging application-layer encryption and tokenization, organizations can often achieve the highest levels of security. With this approach, organizations can secure sensitive assets across their entire lifecycle, from the point of initial creation or capture until deletion. On the other hand, this approach tends to require the highest level of implementation effort.
- Database-layer. By encrypting at the database layer, organizations can secure specific columns within the database. For example, they could encrypt a column that holds employee social security numbers, while leaving other data in the clear. This approach may offer easier implementation than application encryption, but it may not address as many potential threats.
- File-system layer. With this approach, organizations encrypt the entire database file. This approach may not offer the broad protection that application- and database-level encryption can provide, but it can be an optimal way to secure database files before or as they are exported, backed up, and archived to storage. Compared to the prior approaches, this alternative is often much easier to employ and manage.
Today’s enterprise security teams are being tasked with supporting a rapid expansion of database encryption use cases. But determining the best way to implement or improve database encryption can be daunting.
That’s why we created this white paper, which offers a detailed look at:
- Why the demand for database encryption is growing more critical and more challenging
- Key approaches required to address this increased demand
- Different types of encryption approaches helping managers ensure they re using the right tools for the right purposes
- How Gemalto’s SafeNet Data Protection solutions enable security teams to address their database security Objectives