DB Encryption 101: How to Implement
Recently, as information security needs have increased rapidly, various security techniques and strategies have drawn attention. Encryption is one approach that’s attracted the most attention. Penta Security was Korea’s first to develop a DB encryption product so we often get these types of questions:
I think a lot of these questions come out of fear or confusion about encryption. The reality is that these questions might be an issue if you’re not implementing encryption properly – but when you follow the correct procedures, then a lot of your concerns will dissipate.
For any implementation of database encryption, the pre-evaluation process is crucial. After all, there are hundreds of solutions out there, but which one do you pick? Especially if you’re implementing encryption for a corporate environment, you need to be detailed to get the most bang for your buck.
Applying a DB encryption solution should follow this process:
- Product Selection
- Impact analysis
- Query optimization
Product Selection for DB Encryption Solutions
Choosing the appropriate product or solution can be crucial. There are a variety of domestic or international encryption products, but the important part is to research the capabilities of the solution to ensure that it’s able to match the compliance laws.
Think of it this way – You walk into a store, ask for a pair of black shoes, the clerk hands you a box that has the label “COLOR: Black”, you give them money and walk out with the box. Realistic? Of course not. Not every pair of black shoes is going to match your environment. Maybe you’re going to play a sport, or maybe a black-tie wedding. Just like that, not all DB encryption methods are compatible with any given DB environment. It’s important to consider which server and DB management environment you choose to use.
Policy-making for DB Security
Establishing a structure for your encryption/decryption privileges and accessing control authorities for users once the product has been implemented is the next step. Which users will be able to view the data? Which can perform the functions? Specify separate roles between administrators as well – either the server administrator or the database manager should be the sole person in charge of managing the encryption solution.
Having clearly outlined authority roles isn’t just important in the corporate world, it matters also for safe data management.
Analyzing DB Environment Impact
So what’s the impact of the DB system once it’s been implemented? You need to take into consideration the type of data, which data needs encryption, and in which format it should be organized. Once evaluated, the next step is to assess the impact of the business system servers that will require encrypted query requests. If the necessary queries to be sent from the business system servers to the DB server are researched in advance, this process doesn’t have to be complicated. But if not, query optimization could be long and arduous.
Fully understanding which requests are going to originate from the systems’ applications will likely require cooperation from a business systems developer. Even with the cooperation of a systems developer, it may not always be possible to analyze complex business system expressions. In that case, you may need to analyze the queries travelling to and from the business servers and DB server and discover their nature by using an induction formula. Induction formula analysis tools are included in many encryption solutions, and separate stand-alone products exist as well. Purchasing an encryption solution already equipped with the tools to collect and analyze these expressions will assist in this step.
Application to Pre-existing Data
Most encryption solutions come equipped with tools for encrypting pre-existing data on the DB server. These solutions let stored data become encrypted.
Testing and Optimization of DB Encryption
By utilizing the queries which access saved data within your database, you can test the potential results. This checks whether the data has been properly encrypted and whether that data will be decryupted properly if it’s needed during a search request. As you test, you can alter the query slightly to access the information – this can cause slight to moderate processing degradation, but it’s possible to reduce the effect of degradation through query optimization.
Qutomatic query optimization tools exist which analyze the interaction between the DB server and business system application. These tools can detect which queries are needed and by automatically identifying where changes are necessary, the optimization process is simplified and performance degradation is largely avoided.
After the solution implementation is completed, you can monitor whether the encryption and decryption process is operating correctly, the interaction between the business system and DB server is running smoothly, and whether access policies are working properly. If the service experiences degradation, then it might be necessary to implement query optimization again.
There we go – safely store your personal data
Using the process mentioned above takes into consideration the necessary elements of a DB server environment. But following this process is the most comprehensive way to make sure that your personal data will be safely stored.
Disclaimer: Parts of this blog post were published on this website in 2013. The original posts have been combined and added onto this blog post in March 2016.