
Debunking 5 DB Encryption Misconceptions

 


Businesses handle an enormous amount of data. All of this data is stored in hundreds or even thousands of databases, so it’s impractical for a database administrator to oversee the security of these databases with only basic access control functions. Instead, businesses are realizing that data encryption is a must-have component to their existing cyber security strategies. DB encryption ensures that a database is being protected even if hackers somehow replicate the database or move it to another location.

While critical to a business’s cyber security strategy, DB encryption isn’t always deployed by businesses. But thankfully, there is a positive trend occurring: in the past few years database encryption usage among businesses in the US has risen from 42% to 61%. This blog post addresses five misconceptions in order to put to rest some concerns businesses may have before implementing DB encryption.

1. I use SSL so I don’t need DB encryption

SSL encrypts communication between a user’s web browser and the web server, but it does not cover data that is at “rest,” that is, data stored in a database. In other words, SSL secures the connection for data that is in motion (at the time that requests are being made to the web server). SSL is important for encrypting web traffic, but data stored on a disk or in a database is outside its scope and therefore needs added protection.

2. If I use DB encryption, database performance will degrade

The performance of a database is determined by multiple factors such as excessive indexing and inefficient memory allocation. Businesses may be reluctant to add database encryption to their existing security deployments because of performance or latency concerns, but the impact really depends on the type of DB encryption solution a business decides to use, whether that be file-level or column-level encryption. Typically, file-level encryption is the least resource intensive and has the least effect on the overall performance of a database.

3. Encrypting the database is enough protection for my website

Even if the security of a database is compromised, the database will be protected if the information inside is encrypted. But this doesn’t mean that the website itself will be safe should it come under attack. Thankfully, with no access to the decryption key, a hacker cannot read files that are encrypted in a stored database. Businesses can rest assured that their most sensitive data is being protected. However, the website can still be brought down by attacks. In order to protect web applications (i.e. websites) an additional security solution will be needed.

4. DB encryption and key management requires hardware appliances, which is inconvenient

These days it’s pretty common for key management solutions to be available in a variety of both hardware and cloud platforms. But it mostly depends on where a business may be storing company data or what kind of needs they have. Not all businesses have their own data center. Instead, many rely on some kind of Software-as-a-service (SaaS) solution, removing the need to rely on hardware appliances. Therefore, it’s less likely that the traditional key management solution is implemented internally.

5. DB encryption is too complicated and requires modifications to my current operating system

Once a business answers basic questions like what kind of data needs to be encrypted and who should have authorized access to it, database encryption should not be complicated. Encryption is made easy thanks to the readily available tools in the market that cater to the needs of each business. There are plenty of DB encryption solutions that reside beneath the application layer, thereby eliminating the need to make modifications to a business’s operating system or storage. If an encryption engine is supplied, for example, then no source code changes to the database environment or application are required.

Businesses should not shy away from using DB encryption due to these common misconceptions. DB encryption is not so much a trend as it is a security necessity for all businesses. The drivers for using database encryption come down to compliance requirements and businesses recognizing the need to protect specific data types. So whether it’s to meet industry standards or to safeguard sensitive information, DB encryption is here to stay.


3 Web Security Services for Startup CEOs


Startup CEOs should secure their business

In 2013, Target, a massive retailer in the US, suffered a major web hacking incident that stole thousands of customers’ credit card information. After the event, Target was negatively affected as news leaked and company shares dropped by 1.5% the following year. These kinds of web attacks prove that nobody is completely safe from web hacking.

Now, we know that web security is not a hot topic that drives a conversation every day. However, as a startup CEO, it is imperative to have a basic knowledge of what web security options are available, so that you can do your best to protect your clients’ private information. Here are 3 options to help you better protect your company’s sensitive data.

Web Application Firewall (WAF)

Web Application Firewalls help monitor the incoming and outgoing HTTP/HTTPS traffic to your website. You can almost think of a WAF as the security scanner that we see at the airport. People with the right credentials will get through the gates, but any visitor that may have malicious intent will be barred from entering your network. WAFs use specialized rules or patterns to help identify whether a web visitor or traffic is dangerous. WAFs can be the essential first line of defense for any website owner, protecting your website from the network perimeter.

Malware Scanners

Having a WAF is a great way to protect your website. However, it won’t help your business much if you are already infected. Therefore, it is also helpful to use a malware scanner to search for malicious programs already residing on your servers.

Infected sites can be a major turn-off for customers, especially if they can infect customers’ computers. This is a double-edged sword because not only can you affect your customers, but once Google gets wind of this you can also be SEO blacklisted. Google can detect websites that have been infected by malware and warn customers away. So having a protected and clean website is not only good for the customer but also for business. Using a malware scanner for your internal network can help keep your website safe. For optimal security, one should always maintain a routine scan on servers. Better to be safe than sorry.

Database Encryption

Encryption is the process of transforming the data in a database into undecipherable data. An encryption program uses a series of complex algorithms and possesses a master key to turn the data back into its original form. Your database is where all the data of your business, such as specific customer banking information, is stored. It is one of the core elements of any online business; therefore, malicious hackers are always looking for a way to get their hands on it.

One of the world’s most popular database management systems, MySQL, is open source, so it can be highly vulnerable to attacks. Many CMS frameworks like Drupal, Joomla, and WordPress use MySQL as their default database. It is critical that you take every precaution to protect yourself from any would-be attackers. One way to do this is to use database encryption software. This can bring a third layer of protection in case any savvy web hackers get into your internal system.

The recent increase in the number of startups has made these businesses attractive targets for hackers. Customers entrust their information to businesses, and businesses should feel obligated to keep that information safe from hackers with malicious intent. One can’t be too careful when it comes to security. Get more in tune with your website and its security by installing these 3 great security solutions!


Protect Sensitive Data within the Cloud

It’s pretty clear by now that the next frontier for online businesses is to move to the cloud. The term ‘cloud’ is still a relatively new idea, one that can help businesses greatly improve their productivity and efficiency and save on resource costs. However, this overly anticipated rush to the cloud isn’t without its limitations. One such drawback of the cloud is the possibility of increased web attacks and infrastructure vulnerabilities. Today, we will explore the various ways to help safeguard any confidential information or sensitive data that is stored in the cloud.

Current Cyber Security Landscape

In today’s computing environment, there is an abundance of network and cloud infrastructure providers. But the question we need to ask ourselves is, “who is managing and tracking all of the inbound/outbound traffic?” In other words, organizations are eager to provide incredibly cost-effective and efficient cloud infrastructure, but there hasn’t been much thought or planning surrounding the protection of this cloud infrastructure.

The market is slowly starting to see the effects of improper web protection, however. According to Gartner, by 2020, more than 60% of web applications will be protected by cloud service Web Application Firewalls. Just as fast as people are looking to upgrade to the cloud, there is a growing interest on how to protect these next generation infrastructure solutions. In essence, companies and online website owners are starting to become more proactive, but the job doesn’t end there.

How Do We Protect Ourselves?

The very nature of the internet is to be open, but this can ultimately leave one vulnerable to web attacks if not careful. This is the ultimate cloud fallacy. As much as we want to move towards sharing resources, infrastructure, or testing new innovative solutions, this can only be done to a certain degree. Until recently, most companies have been looking to fortify their internal networks and systems to prevent any attacks. The issue is that the internet was designed to freely share and communicate information with the open world. The best way to work around this predicament is not to block ourselves in by building higher walls, but to build smarter gateways. Two ways that we can achieve this are to use a perimeter-based Web Application Firewall and Database Encryption technology.

diagram showing WAF protecting a website or sensitive data from hackers and bots

Web Application Firewalls (WAF)

WAFs can help protect all inbound and outbound traffic that flows through the web/application layer (OSI Layer 7). These days, as more and more websites rely on dynamic web applications to power their sites, the vulnerabilities of these applications continue to persist. WAFs are perimeter-based web security solutions, which means that they monitor all HTTP/HTTPS traffic and sift it for any malicious or suspicious web behavior. Once detected, WAFs can automatically block any web hacking attempts that target a web application and ultimately intend to steal sensitive data on a web server/backend database. WAFs can be your first line of defense to protect your online business from web attacks when you least expect it.

There are various benefits to implementing a WAF solution into your cloud web security profile, such as:

  • Cleaner & safer network – mitigate major hacking incidents
  • Peace of mind – always active security that works on the perimeter
  • Performance – security that doesn’t affect performance or incur latency issues
  • Compliance – satisfy PCI-DSS requirement 6.6

silver lockpad over data and series of 1s and 0s safeguarding sensitive data

Database Encryption to protect sensitive data

Database encryption software transforms data stored in a backend database into “cipher text”, which makes the data incomprehensible without first being decrypted. In the event that a web hacker was able to bypass your first line of defense (in very rare instances or caused by rogue insiders), a high performance database encryption software could be your savior. DB encryption software not only prevents sensitive data leakage, but even if data is stolen, encrypted data will be deemed useless since web hackers will be unable to decrypt the information. As an added measure of security, database encryption companies, such as MyDiamo, can separately store database keys in third party key management servers to eliminate any possibility of a data breach.

Here is a short list of the benefits of using a database encryption software:

  • Protect Data Completely – encrypted data information is protected, even if it is stolen
  • Guarantee Data Integrity – easily detect whether data was manipulated/tampered
  • Compliance – satisfy legal & internal/external audit guidelines (HIPAA, SOX, PCI-DSS, etc.)

The key to protecting data stored in the cloud is to take a more perimeter based proactive approach. It’s best to secure your more sensitive data before cyber criminals ever reach your vulnerable web applications. This can be accomplished by utilizing a Web Application Firewall and Database Encryption software as an added security insurance. Get started on protecting your data in the cloud today!

 


This blog post was originally featured on cloudbric.com. Visit their blog for more insight, news, and accessible information on web threats and trends. If you would like to learn more about Cloudbric’s logic-based WAF service, please contact info@cloudbric.com.


Database Encryption: the new trend?

We’ve talked quite a bit about database encryption in this blog, and perhaps you have heard about it on the news or in the media as well. Every other day a company is hacked. Data is everywhere. Cyber security is an unavoidable topic as of late, especially here in Korea.

In Seoul, digitization is the norm, not the exception. Billboards are all in LED format. The majority of any commercial shopping can be done online. Having a mobile application for any activity is an obvious given. Considering how everyday life is inextricably linked to the digital world, it seems inevitable that laws comply with the changing trends.

For example, Korea’s Personal Information Privacy Act (PIPA) requires any commercial entity that deals with private user information to apply encryption to its databases. Otherwise they need to take other precautions to ensure user privacy. If they don’t comply with the act and private records are breached, those responsible could be sentenced to up to 2 years’ imprisonment and/or a $10,000 fine.

This kind of approach to privacy gives a good push to the information security market.

For the past few years, the database encryption market has seen increased potential due to the Information Communication Act, which is similar to the Privacy Act but much less strict. Moreover, government institutions have been major customers for encryption security in the past. This pressures other enterprises (like insurance companies or financial firms) to join in the fun. The potential for this market is $50 million – not a small amount.

Database Encryption for the “IT Crowd”

For example, since the privacy act became enforced, Korean IT-security firm Penta Security Systems has shown consistent and significant annual sales increases. In 2013, sales increased to 75% in terms of revenue, and 70% in terms of the number of customers. It was as if clients in the government sector had become “the IT crowd,” and other enterprises were lining up to follow the lead in database encryption.

There are countless benefits in utilizing a DB encryption solution, especially for government entities and enterprises. For example, the leading encryption solution in APAC, D’Amo, offers access controls for encrypted data, so by distinguishing authorized from unauthorized users, access stays under your control. The administrator can specify user login authority by IP address, permitted time period, and application program. It also provides an auditing function for important data columns that tracks which users or computers have performed operations. Based on the provided data, it can apply security measures to prevent questionable access or privilege abuse.
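A minimal sketch of the access-control and audit model described above, added here as an example and not taken from D’Amo: each decryption request is checked against a per-column policy (user, source IP range, permitted time period, application program) and every decision is logged. The class names, policy fields and sample requests are hypothetical.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime, time

@dataclass
class ColumnPolicy:
    """Hypothetical policy for one encrypted column (not D'Amo's schema)."""
    users: set
    networks: list   # ipaddress networks the client may connect from
    hours: tuple     # (start, end) as datetime.time, end exclusive
    apps: set        # permitted application program names

@dataclass
class AccessGate:
    policies: dict                                   # column name -> ColumnPolicy
    audit_log: list = field(default_factory=list)

    def _deny_reason(self, user, src_ip, app, column, when):
        policy = self.policies.get(column)
        if policy is None:
            return "no policy for column"            # default deny
        if user not in policy.users:
            return "user not authorized"
        try:
            ip = ipaddress.ip_address(src_ip)
        except ValueError:
            return "unparseable source address"
        if not any(ip in net for net in policy.networks):
            return "source IP not permitted"
        (start, end), now = policy.hours, when.time()
        # A window such as 22:00-06:00 wraps past midnight.
        if not (start <= now < end if start <= end else now >= start or now < end):
            return "outside permitted time period"
        if app not in policy.apps:
            return "application not permitted"
        return None

    def check(self, user, src_ip, app, column, when):
        """Decide one decryption request and record it, allowed or not."""
        reason = self._deny_reason(user, src_ip, app, column, when)
        self.audit_log.append(dict(time=when.isoformat(), user=user, ip=src_ip, app=app,
                                   column=column, decision="deny" if reason else "allow", reason=reason))
        return reason is None

    def denials_per_user(self):  # audit view: repeated denials flag questionable access
        return Counter(e["user"] for e in self.audit_log if e["decision"] == "deny")

def run_demo():
    """Constructed requests against a constructed card-number policy."""
    gate = AccessGate({"customers.card_number": ColumnPolicy(
        {"billing_svc"}, [ipaddress.ip_network("10.20.0.0/24")],
        (time(8, 0), time(19, 0)), {"billing-api"})})
    requests = [("billing_svc", "10.20.0.15", "billing-api", 10),
                ("billing_svc", "10.20.0.15", "billing-api", 23),
                ("billing_svc", "192.0.2.77", "billing-api", 10),
                ("billing_svc", "10.20.0.15", "mysql-cli", 10),
                ("intern", "10.20.0.15", "billing-api", 10)]
    return gate, [gate.check(u, ip, app, "customers.card_number",
                             datetime(2024, 3, 4, hour)) for u, ip, app, hour in requests]
```

Only the first request is allowed; the audit log keeps the reason for each of the four denials.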

Trends and policies come and go… Encryption is here to stay

Lately, the hot topic words are “cloud trends” or “database encryption trends.” While it’s a start that these topics are being mentioned – the word “trend” can be misleading. It signifies that there will be a point in time where it is no longer popular to be doing something.

However, database encryption is something that everyone should start to be concerned about. And we should continue to be concerned. While it’s easy to wait for policies to be made in order to adhere to a set standard, corporations and individuals alike do need to remember that at the end of the day, the responsibility of cybersecurity lies with you.

A recent report by Symantec found that up to 60% of cyber attacks target SMBs. In addition, Kaspersky Lab reported that on average, enterprises paid US $551,000 to recover from a security breach. That’s money that would send the budgets of many start-ups or SMBs into the red. Why wait for an attack when you could build a long-term defense?

When looking for an encryption solution, don’t think about it in the short term. Look at what solutions will give you long-term benefits. Countless new vulnerabilities may arise, but a company should be able to give you optimized solutions for what you need at any given time. It shouldn’t send you into a panic attack every time a new cyber threat makes its way into the digital world.

For more information on encryption solutions, head to the D’Amo Overview page, or contact us at info@pentasecurity.com

“D’Amo for SAP”, the Encryption Solution for SAP

D’Amo for SAP, developed by data encryption and web security solution provider Penta Security Systems Inc. (CEO Seokwoo Lee, www.pentasecurity.com), is an encryption solution that was specifically designed to run on SAP. Loads of personal data and confidential information are stored in company SAP systems. This type of information is required by law to be encrypted in many nations throughout the world, particularly in Korea, where a new privacy act has been enforced since the beginning of 2013. Moreover, sales information residing in SAP is some of the most critical data that a company is advised to secure against breach attempts.

It is not possible to encrypt data on SAP using pre-existing encryption solutions because they do not allow users to freely modify stored business application data. This makes most enterprises hesitant about adopting encryption solutions for their SAP. To overcome this limitation, Penta Security Systems Inc. released the SAP encryption solution in 2012, aptly named “D’Amo for SAP”, which comes equipped with a patented encryption technology known as FPE (Format Preserving Encryption).
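An added illustration (not Penta Security’s patented algorithm, not NIST FF1, and not for production use) of what format preservation means: a simplified Feistel network over decimal digits, keyed with HMAC-SHA256, returns ciphertext with the same length and digit-only format as its input, so a fixed-format application field still validates. The function names, demo key and column tweak are assumptions made for this sketch.

```python
import hashlib
import hmac

ROUNDS = 10  # illustrative; an even count returns both halves to their original widths


def _prf(key, tweak, round_no, half, modulus):
    """Keyed round function: HMAC-SHA256 over the other half, reduced mod 10^m."""
    msg = b"%d|%s|%s" % (round_no, tweak, half.encode())
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big") % modulus


def _feistel(key, digits, tweak, decrypt):
    if len(digits) < 2 or not (digits.isascii() and digits.isdigit()):
        raise ValueError("expected at least two ASCII decimal digits")
    u = len(digits) // 2
    v = len(digits) - u                      # odd lengths give unequal halves
    a, b = digits[:u], digits[u:]
    rounds = range(ROUNDS - 1, -1, -1) if decrypt else range(ROUNDS)
    for i in rounds:
        m = u if i % 2 == 0 else v           # width of the half rewritten this round
        mod = 10 ** m
        if decrypt:
            # Undo one round: subtract the same keyed value that encryption added.
            a, b = str((int(b) - _prf(key, tweak, i, a, mod)) % mod).zfill(m), a
        else:
            a, b = b, str((int(a) + _prf(key, tweak, i, b, mod)) % mod).zfill(m)
    return a + b


def fpe_encrypt(key, digits, tweak=b""):
    """Encrypt a digit string into a digit string of the same length."""
    return _feistel(key, digits, tweak, decrypt=False)


def fpe_decrypt(key, digits, tweak=b""):
    """Invert fpe_encrypt for the same key and tweak."""
    return _feistel(key, digits, tweak, decrypt=True)


# Constructed demo key; a real deployment would fetch it from a key management server.
DEMO_KEY = bytes(range(32))
# Tweak: binds the ciphertext to a column so equal values in other columns differ.
COLUMN = b"customers.card_number"


def demo():
    plain = "4111111111111111"               # constructed 16-digit test value
    cipher = fpe_encrypt(DEMO_KEY, plain, COLUMN)
    return plain, cipher, fpe_decrypt(DEMO_KEY, cipher, COLUMN)
```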

The SAP Encryption Solution

D’Amo for SAP’s encryption technology has been certified by SAP, guaranteeing the stability and performance of D’Amo for SAP systems. Along with D’Amo for SAP’s encryption technology, its appliance-type KMS (Key Management Server) offers secure key management for strong authority control.

Previously, it could be quite a complicated process to encrypt data in an ERP. D’Amo for SAP and its included KMS are easily deployed in SAP systems without those complications. In addition, real-time monitoring of the system resources and auditing features make managing a secure SAP system convenient.

Penta Security’s Focus

Penta Security has recently been focusing on small and medium-sized medical centers. As a result, in March they formed an alliance with Choongwae Information Technology, an OCS/EMR provider. This alliance makes it possible to provide D’Amo for SAP together with Choongwae Information Technology’s OCS/EMR product, CI OCS/EMR. CI SFE is a mobile version of CI OCS/EMR programs and is mostly used by medical centers and pharmaceutical companies.