Column-Level Encryption: What to Consider

There’s no single, magical, ultimate solution to keeping your information safe – if there were, the multitude of companies that have already invested millions of dollars into protecting their applications, systems, and networks would be much richer. The last couple of years have been difficult for companies and organizations that have suffered data breaches right and left. The reality is that no matter who you are or how well your company is doing, several measures of protection need to be taken to lessen the possibility of a database attack. One of those ways is column-level encryption.

I’m sure you’ve heard about encryption before – whether it is in the context of securing your database, or in the context of some thrilling movie where a code needs to be decrypted in order for the hero to make his way into a secret vault somewhere – but encryption, while a simple concept, has many variations to it as well. Column-level encryption is one of them.

First things first, what is column-level encryption?

Assuming you understand the basics of encryption (if you don’t, not to worry – here’s a great Encryption 101 guide), let’s think about a basic database structure. A typical database will have columns and rows of data. Now, file-level encryption is a database encryption method where individual files are encrypted as a whole. There are benefits to this method as there is one master key for encryption. However, with column-level encryption, you can encrypt just individual columns – this also means that each column can have its own unique encryption key within the database.

The benefits?

Flexibility

Because you’re not encrypting the entire file, column-level encryption gives you more flexibility in choosing what data to encrypt. After all, why encrypt something that doesn’t need to be encrypted?

Additionally, column-level encryption is possible even when the database is active. (Some types of encryption are only possible when data is “at rest”, meaning it’s not being used, and not when data is “in transit” or “in use”, which refers to active data.) This means functionality is maintained, which matters when you’re encrypting data that’s constantly being accessed or updated.

Speed

Column-level encryption allows for efficiency because there’s less encrypted data. Overall, you’ll have better system performance because encryption for the whole file isn’t necessary. While it might not seem like a big deal, this becomes a huge benefit when managing a significantly large database. Trying to encrypt a whole file can be overwhelming – for both you and the system.

For example, perhaps you’re in marketing and have a database of customer contacts. One of your fields might be the customer’s favorite color. Another might be their preferred method of contact. These aren’t fields that need to be encrypted, and encrypting them could slow down performance.

However, it’s important to mention here that faster performance isn’t always the case. If all individual columns are encrypted (with their own unique keys) within the whole file, that’s when database performance decreases. Even the act of indexing or searching for the contents within the database can take longer than necessary.

Security

I’ve already mentioned that different columns have unique keys, which gives an added layer of security to your database. Just one key will not give access to the entire file. Column-level encryption decreases the likelihood that data in your columns will be lost, and it also allows for delegation of keys to authorized users.
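To make the three points above concrete, here is an added example (not from the original article and not MyDiamo's own code) using PostgreSQL with the pgcrypto extension. The table, column, setting and key names are hypothetical, the data is constructed, and the keys are placeholders; the example assumes the application supplies each column key only to users authorized for that column.

```sql
-- Added example (PostgreSQL + pgcrypto); all names and values are constructed.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE customer_contact (
    id             serial PRIMARY KEY,
    favorite_color text,   -- low sensitivity: stored in the clear, indexable as usual
    email_enc      bytea,  -- encrypted with the "email" column key
    card_enc       bytea   -- encrypted with the "card" column key
);

-- Placeholder keys, set per session. Assumption: a real deployment fetches
-- each key from a key manager and hands it only to authorized users.
SET app.email_key = 'PLACEHOLDER-email-column-key';
SET app.card_key  = 'PLACEHOLDER-card-column-key';

INSERT INTO customer_contact (favorite_color, email_enc, card_enc)
VALUES ('green',
        pgp_sym_encrypt('alice@example.com',   current_setting('app.email_key')),
        pgp_sym_encrypt('4111 1111 1111 1111', current_setting('app.card_key')));

-- A session holding only the email key can read the email column...
SELECT id, favorite_color,
       pgp_sym_decrypt(email_enc, current_setting('app.email_key')) AS email
FROM customer_contact;

-- ...but the same key fails on the card column: pgcrypto raises an error
-- instead of returning data, so one key does not open the whole row.
SELECT pgp_sym_decrypt(card_enc, current_setting('app.email_key'))
FROM customer_contact;

-- Plaintext column: an ordinary index serves equality lookups.
CREATE INDEX ON customer_contact (favorite_color);
SELECT id FROM customer_contact WHERE favorite_color = 'green';

-- Encrypted column: pgp_sym_encrypt() output differs on every call, so there
-- is no stable value to index and this lookup must decrypt every row.
SELECT id FROM customer_contact
WHERE pgp_sym_decrypt(email_enc, current_setting('app.email_key')) = 'alice@example.com';
```

The last query is the search slowdown described under Speed: the more columns you encrypt, the more lookups fall back to decrypting row by row.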

With its benefits, column-level encryption has been gaining in interest. But as we always say, it’s the user’s job to research and analyze each method before applying the solution, whatever the consequences may be. Hopefully this gives you a bit of an introduction into this encryption method. Think about what kinds of services may be right for you. What are some of your ideas?


For more information on MyDiamo, Penta Security’s security solution for open source DB (which utilizes column-level encryption), check out www.mydiamo.com

To find out more about Penta Security’s encryption solutions, head to the D’Amo Overview page, or contact us at info[at]pentasecurity[dot]com