Have you ever hidden a key to your front door under a rock and simply hoped that nobody would ever find it? Would you do the same thing with the keys to your database? Hopefully you wouldn’t!
You collect and store lots of information and you need to protect all of it. Government and industry regulations increasingly require it, consumers are increasing demanding companies better protect their data, and data breaches are becoming more frequent and costly. Data in motion and data at rest both need to be stored securely.
Encryption protects the confidentiality of the critical data you collect and store. Managing the keys used to encrypt that data is what makes encryption effective. Remember: You can lock your door, but if a thief finds the key you left under the rock, then it is like you never locked the door. An effective key management solution ensures a thief can’t find and use your encryption keys.
Yet according to IDC’s Future Enterprise Resiliency & Spending Survey in June 2022, only 10% of respondents cited that encryption and key management were the most important security consideration when looking at cloud vendors.
Why is protecting the information stored in your databases so important? As a company you need to:
- Ensure protection against the growing number of threats and breaches including both external and internal attacks.
- Maintain compliance with data protection regulations and industry mandates as these are top priority for security spend.
- Establish a consistent policy governing data protection across all enterprise databases. As multiple databases are used across the organization, ensuring that a consistent security policy is implemented and enforced is a major challenge. Manual processes lead to errors and inconsistencies.
What to Look for in Database Security
What should you be looking for in a comprehensive solution? As databases today can live in a variety of settings including on-premises data centers, cloud services, and hybrid deployments, security must consider the different threats associated with all these environments.
Different approaches exist to secure this data stored in your databases. For example, the entire disk where your database resides can be encrypted. You can also choose to only encrypt specific files, or you can even choose to only encrypt specific fields within those files. Choosing the right solution doesn’t have to be difficult. By understanding these layers of technology and what they are used for, organizations can make an informed choice about which solution or technology best meets their needs and appetite for risk.
Encryption is the foundational layer to database security and understanding the various encryption technologies available allows an organization to make an educated decision. When using encryption technologies, it’s also critical to understand the best practices for managing the keys used to encrypt the database.
Considerations for Database Security Solutions
Not only are there various types of encryption technologies and best practices for cryptographic key management, but organizations must also consider offerings from multiple database security vendors. Some of the questions that organizations should consider when selecting a database security vendor include:
- How flexible are the deployment options?
- Are industry standards like the Key Management Interoperability Protocol (KMIP) supported?
- Is Transparent Data Encryption (TDE) and KMIP scalable to support an external key manager?
- Does the database support hardware key storage using certified FIPS and Common Criteria hardware security modules (HSMs)?
- Is there support for on-premises key generation using bring your own key (BYOK) and hold your own key (HYOK)?
Conclusion
There are multiple methods and approaches for database encryption. Understanding the benefits and drawbacks of each approach as well as your business requirements will allow you to determine which solution is right for your organization. Regardless of the method, robust key management is fundamental. For organizations looking for flexibility in their key management approach, vendors that offer validated integrations with database providers is a good strategy.
Download the IDC white paper Demystifying Database Security: Considerations for an Effective Strategy to learn more about what to look for and the key considerations when selecting a database security solution for your organization.