MyDiamo Expands Open Source Database Encryption Offerings to Include PostgreSQL

PostgreSQL will join existing supported platforms of MySQL, MariaDB and Percona as open source database adoption continues to grow. Alongside the expansion, Penta Security Systems Inc. has begun this year to offer NGOs free unlimited usage of the solution.

Leading data encryption vendor Penta Security Systems Inc. announced on September 19 at Singapore International Cyber Week (SICW), that open source database encryption solution, MyDiamo, will now expand its offerings to include PostgreSQL. MyDiamo, the first ever open source database encryption solution, addresses the need to secure open source database management systems, but with minimal cost. The solution offers free licenses for those looking to encrypt databases for small or medium enterprises, and a commercial, minimal-cost license for enterprises seeking enhanced features. Earlier in 2017, it was announced that Penta Security would make the solution with full enhanced functions available to non-profit organizations free of charge, an initiative to encourage all organizations to empower themselves through proper security.

Since the advent of Web 2.0 and the rise in costs for security solutions, Penta Security has seen a dramatic increase in various audiences like individual clients, security administrators for enterprises, as well as non-profit organizations utilizing open source options to apply security to databases housing sensitive information. According to DB Engines, this has resulted in nearly half the market utilizing open source management systems, rather than commercial systems.

Commercial database options for enterprises typically involve vendor lock-in, which is why a compatible open source DBMS like PostgreSQL has recently soared in popularity. However, security is an often neglected area and with the rising adoption of open source databases, MyDiamo meets an urgent need to ensure data security remains at the enterprise level, no matter where data is located. With PostgreSQL’s 10th major release planned for this quarter, MyDiamo’s expanded offerings bring timely support as a security solution.

Regarding the new expansion, Chief Technology Officer of Penta Security Systems, Daniel ES Kim remarked,

“Open source database technologies have steadily matured, and these days, people are able to develop useful applications that benefit their community using tools available on the web. However, data leakage incidents have plagued even enterprises and not many are equipped to implement encryption. With PostgreSQL as part of MyDiamo’s supported DBMS offerings we’re hoping that through easing access to encryption solutions, prioritizing security becomes achievable for more people and organizations.”

PostgreSQL users will be able to enjoy MyDiamo’s comprehensive and accessible encryption solution, with the most up-to-date encryption algorithms, access control, and auditing functions. Differentiating itself from other encryption solutions or services, MyDiamo requires no code modifications because encryption operates at the engine-level within the database, making it an optimal solution even for those with minimal knowledge of IT-systems. The solution also utilizes Transparent Column Encryption, ensuring less than 4% system performance change before and after encryption with no application program or query modification.

With both noncommercial and commercial licenses, MyDiamo’s encryption solution supports MySQL, MariaDB, and Percona as well as the new offering of PostgreSQL.

Penta Security’s team will be unveiling MyDiamo for PostgreSQL along with market leading encryption solution D’Amo, in booth #R13 at this year’s GovWare during SICW. To find out more about MyDiamo, visit www.mydiamo.com.

About Penta Security
Penta Security Systems Inc. is a leader in web, IoT, and data security solutions and services. With 20 years of IT security expertise in powering secured connections, Penta Security is the top cyber security vendor in Asia, as recognized by Frost & Sullivan, and APAC market share leader in the WAF industry. Driving innovations across encryption, authentication, and signature-free firewall detection technology, Penta Security’s whole-system approach to security enables resilience in an era of hyper web integration and connectivity. For more information on Penta Security, visit www.pentasecurity.com. For partnership inquiries, email info@pentasecurity.com.

Debunking 5 DB Encryption Misconceptions

 

Businesses handle an enormous amount of data. All of this data is stored in hundreds or even thousands of databases, so it’s impractical for a database administrator to oversee the security of these databases with only basic access control functions. Instead, businesses are realizing that data encryption is a must-have component to their existing cyber security strategies. DB encryption ensures that a database is being protected even if hackers somehow replicate the database or move it to another location.

While critical to a business’s cyber security strategy, DB encryption isn’t always deployed by businesses. But thankfully, there is a positive trend occurring: in the past few years database encryption usage among businesses in the US has risen from 42% to 61%. This blog post will address five misconceptions that put to rest some concerns businesses may have before implementing DB encryption.

1. I use SSL so I don’t need DB encryption

SSL involves encrypting communication between a web user and web browser, but does not take into account data that is at “rest,” or data that is stored in a database. In other words, SSL ensures secure connection for the data that is in motion (at the time that requests are being made to the web browser). SSL is important for encrypting web traffic but there is also unprotected data that is being stored either on a disk or database which SSL does not take into account and therefore needs added protection.

2. If I use DB encryption, database performance will degrade

The performance of a database is determined by multiple factors such as excessive indexing and inefficient memory allocation. While businesses may be reluctant to incorporate database encryption into their existing security deployments due to performance or latency concerns, businesses should be reminded that it really depends on the type of DB encryption solution a business decides to utilize, whether that be file-level or column-level encryption. Typically, file-level encryption is the least resource intensive and has the least effect on the overall performance of a database.

3. Encrypting the database is enough protection for my website

Even if the security of a database is compromised, the database will be protected if the information inside is encrypted. But this doesn’t mean that the website itself will be safe  should it come under attack. Thankfully, with no access to the decryption key, a hacker cannot read files that are encrypted in a stored database. Businesses can rest assured that their most sensitive data is being protected. However, the website can still be brought down by attacks. In order to protect web applications (i.e. websites) an additional security solution will be needed.

4. DB encryption and key management requires hardware appliances, which is inconvenient

These days it’s pretty common for key management solutions to be available in a variety of both hardware and cloud platforms. But it mostly depends on where a business may be storing company data or what kind of needs they have. Not all businesses have their own data center. Instead, many rely on some kind of Software-as-a-service (SaaS) solution, removing the need to rely on hardware appliances. Therefore, it’s less likely that the traditional key management solution is implemented internally.

5. DB encryption is too complicated and requires modifications to my current operating system

Once a business answers basic questions like what kind of data needs to be encrypted and who should have authorized access to it, database encryption should not be complicated. Encryption is made easy thanks to the readily available tools in the market that cater to the needs of each business. There are plenty of DB encryption solutions that reside beneath the application layer, thereby eliminating the need to make modifications to a business’s operating system or storage. If an encryption engine is supplied for example, then no source code changes to the database environment or application are required.

Businesses should not shy away from using DB encryption due to these common misconceptions. DB encryption is not so much a trend as a security necessity for all businesses. The drivers for using database encryption come down to compliance requirements and businesses recognizing the need to protect specific data types. So whether it’s to meet industry standards or to safeguard sensitive information, DB encryption is here to stay.

DB Encryption 101: How to Implement

Recently, as information security needs have increased rapidly, various security techniques and strategies have drawn attention. Encryption is one approach that’s attracted the most attention. Penta Security was Korea’s first to develop a DB encryption product so we often get these types of questions:

I think a lot of these questions come out of fear or confusion about encryption. The reality is that these questions might be an issue if you’re not implementing encryption properly – but when you follow the correct procedures, then a lot of your concerns will dissipate.

For any implementation of database encryption, the pre-evaluation process is crucial. After all, there are hundreds of solutions out there, but which one do you pick? Especially if you’re implementing encryption for a corporate environment, you need to be detailed to get the most bang for your buck.

Applying a DB encryption solution should follow this process:

  • Product Selection
  • Policymaking
  • Impact analysis
  • Application
  • Testing
  • Query optimization

Product Selection for DB Encryption Solutions

Choosing the appropriate product or solution can be crucial. There are a variety of domestic or international encryption products, but the important part is to research the capabilities of the solution to ensure that it’s able to match the compliance laws.

Think of it this way – You walk into a store, ask for a pair of black shoes, the clerk hands you a box that has the label “COLOR: Black”, you give them money and walk out with the box. Realistic? Of course not. Not every pair of black shoes is going to match your environment. Maybe you’re going to play a sport, or maybe a black-tie wedding. Just like that, not all DB encryption methods are compatible with any given DB environment.  It’s important to consider which server and DB management environment you choose to use.

Policy-making for DB Security

The next step is to establish a structure for encryption/decryption privileges and access control authority for users once the product has been implemented. Which users will be able to view the data? Which can perform the functions? Specify separate roles between administrators as well – either the server administrator or the database manager should be the sole person in charge of managing the encryption solution.

Having clearly outlined authority roles isn’t just important in the corporate world, it matters also for safe data management.
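The questions above can be written down as a default-deny policy and checked mechanically. The following Python sketch is an added example, not code from the original post and not the policy format of D’Amo or any other product; the users, columns, addresses, application names and the rule that the policy manager should not hold decrypt rights are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Grant:
    user: str
    column: str        # "table.column" the grant applies to
    ops: frozenset     # subset of {"encrypt", "decrypt"}
    networks: tuple    # CIDR ranges the request may come from
    start: time        # permitted window start (inclusive)
    end: time          # permitted window end (exclusive)
    apps: frozenset    # application programs allowed to use the grant

# Constructed policy; every name and address below is hypothetical.
POLICY = [
    Grant("billing_app", "customers.card_no", frozenset({"encrypt", "decrypt"}),
          ("10.0.5.0/24",), time(0, 0), time(0, 0), frozenset({"billing-svc"})),
    Grant("support_rep", "customers.card_no", frozenset({"decrypt"}),
          ("10.0.9.0/24",), time(9, 0), time(18, 0), frozenset({"crm-web"})),
    Grant("night_batch", "customers.ssn", frozenset({"encrypt"}),
          ("10.0.7.15/32",), time(22, 0), time(4, 0), frozenset({"etl"})),
]
POLICY_MANAGERS = {"sec_admin"}  # the sole account allowed to edit POLICY

def in_window(start, end, now):
    if start == end:                    # identical bounds mean "all day"
        return True
    if start < end:
        return start <= now < end
    return now >= start or now < end    # window wraps past midnight

def is_allowed(user, column, op, source_ip, now, app, policy=POLICY):
    """Default deny: allow only if one grant matches every attribute."""
    addr = ip_address(source_ip)
    for g in policy:
        if (g.user == user and g.column == column and op in g.ops
                and app in g.apps
                and any(addr in ip_network(n) for n in g.networks)
                and in_window(g.start, g.end, now)):
            return True
    return False

def lint(policy=POLICY, managers=POLICY_MANAGERS):
    """Report policy shapes that break the role separation."""
    problems = []
    if len(managers) != 1:
        problems.append("encryption policy should have exactly one manager")
    for g in policy:
        # Assumption (not stated in the post): the manager must not decrypt.
        if g.user in managers and "decrypt" in g.ops:
            problems.append(f"{g.user} manages policy and can decrypt {g.column}")
    return problems

if __name__ == "__main__":
    print(is_allowed("support_rep", "customers.card_no", "decrypt",
                     "10.0.9.20", time(10, 30), "crm-web"))
    print(lint())
```

An account with no grant, such as a DBA who can still run queries, is refused decryption because no rule matches it.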

Analyzing DB Environment Impact

So what’s the impact of the DB system once it’s been implemented? You need to take into consideration the type of data, which data needs encryption, and in which format it should be organized. Once evaluated, the next step is to assess the impact of the business system servers that will require encrypted query requests. If the necessary queries to be sent from the business system servers to the DB server are researched in advance, this process doesn’t have to be complicated. But if not, query optimization could be long and arduous.

Fully understanding which requests are going to originate from the systems’ applications will likely require cooperation from a business systems developer.  Even with the cooperation of a systems developer, it may not always be possible to analyze complex business system expressions. In that case, you may need to analyze the queries travelling to and from the business servers and DB server and discover their nature by using an induction formula. Induction formula analysis tools are included in many encryption solutions, and separate stand-alone products exist as well. Purchasing an encryption solution already equipped with the tools to collect and analyze these expressions will assist in this step.
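One way to approach the query analysis described above, as an added example (not Penta Security's tooling and not code from the original post): a short Python script that groups captured statements by how they touch the columns planned for encryption. The column names, the sample statements and the four impact levels are assumptions made for illustration.

```python
import re
from collections import Counter

# Assumption: columns selected for encryption (hypothetical names).
ENCRYPTED_COLUMNS = ("ssn", "card_no")

# Constructed sample of statements captured between the business system
# servers and the DB server.
SAMPLE_QUERIES = [
    "SELECT name FROM customers WHERE ssn = '900101-1234567'",
    "SELECT name FROM customers WHERE card_no LIKE '4111%'",
    "SELECT name, ssn FROM customers WHERE id = 42",
    "SELECT id FROM customers WHERE card_no BETWEEN '4000' AND '4999'",
    "SELECT id, name FROM customers ORDER BY ssn",
    "SELECT id FROM orders WHERE total > 100",
    "SELECT name FROM customers WHERE ssn = '900101-1234567'",
]

# Ordered from no impact to the most work expected in query optimization.
LEVELS = ("none", "decrypt_only", "equality", "range_or_pattern")

def normalize(query):
    """Replace literals with '?' so repeated statements collapse to one shape."""
    shape = re.sub(r"'(?:[^']|'')*'", "?", query)
    shape = re.sub(r"\b\d+\b", "?", shape)
    return re.sub(r"\s+", " ", shape).strip().lower()

def classify(query):
    """Return (shape, level) for the heaviest use of any encrypted column."""
    shape = normalize(query)
    worst = "none"
    for col in ENCRYPTED_COLUMNS:
        c = re.escape(col)
        if not re.search(rf"\b{c}\b", shape):
            continue
        # Assumption: ciphertext keeps neither order nor prefixes, so range,
        # LIKE and ORDER BY on the column need the most attention.
        if (re.search(rf"\b{c}\b\s*(<=|>=|<(?!>)|>|like\b|between\b)", shape)
                or re.search(rf"\border\s+by\b[^;]*\b{c}\b", shape)):
            level = "range_or_pattern"
        elif re.search(rf"\b{c}\b\s*(=|<>|!=|in\b)", shape):
            level = "equality"
        else:
            level = "decrypt_only"   # column is only returned, not filtered on
        worst = max(worst, level, key=LEVELS.index)
    return shape, worst

def impact_report(queries):
    """Group query shapes by impact level, most frequent shape first."""
    counts = Counter(classify(q) for q in queries)
    report = {level: [] for level in LEVELS}
    for (shape, level), n in counts.most_common():
        report[level].append((shape, n))
    return report

if __name__ == "__main__":
    for level, shapes in impact_report(SAMPLE_QUERIES).items():
        for shape, n in shapes:
            print(f"{level:17} x{n}  {shape}")
```

Shapes in the `range_or_pattern` group are the ones to review with the business systems developer before encryption is applied; the regular expressions are a coarse filter, not a SQL parser.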

Application to Pre-existing Data

Most encryption solutions come equipped with tools for encrypting pre-existing data on the DB server. These solutions let stored data become encrypted.

Testing and Optimization of DB Encryption

By utilizing the queries which access saved data within your database, you can test the potential results. This checks whether the data has been properly encrypted and whether that data will be decrypted properly if it’s needed during a search request. As you test, you can alter the query slightly to access the information – this can cause slight to moderate processing degradation, but it’s possible to reduce the effect of degradation through query optimization.

Automatic query optimization tools exist which analyze the interaction between the DB server and business system application. These tools can detect which queries are needed and by automatically identifying where changes are necessary, the optimization process is simplified and performance degradation is largely avoided.

Monitoring

After the solution implementation is completed, you can monitor whether the encryption and decryption process is operating correctly, the interaction between the business system and DB server is running smoothly, and whether access policies are working properly. If the service experiences degradation, then it might be necessary to implement query optimization again.


There we go – safely store your personal data

The process described above takes into consideration the necessary elements of a DB server environment, and following it is the most comprehensive way to make sure that your personal data will be safely stored.


Disclaimer: Parts of this blog post were published on this website in 2013. The original posts have been combined and added onto this blog post in March 2016. 

#1 for KONEPS DB Encryption Market

Penta Security on top for three consecutive years. An average 39% of market share for KONEPS DB Encryption

Penta Security announced that D’Amo is number one in the “KONEPS (Korea ON-line E-Procurement System) DB Encryption Market,” with a 36% market share in 2014.

KONEPS is the Korean government procurement system. The system provides comprehensive information of all public organizations. Currently it organizes the information of over 37,000 public organizations and 120,000 private firms.

Penta Security has maintained its position as market leader for three consecutive years. According to KONEPS’ integrated procurement information system, a statistic system for the KONEPS public procurement service, the public DB encryption reached a market size of USD 32 million in 2014. D’Amo supplied for USD 11.4 million, an average of 39%.

What is D’Amo?

D’Amo is an integrated data security solution that can encrypt data in databases. It also provides key management, auditing features and a robust access control system. It can provide the best available encryption method for various DBMS environments. Some of these environments include Oracle, MS-SQL, DBS, Altibase, and Tibero. It supports various DBMS encryption methods, including the API encryption method, plug-in encryption method, hybrid method, In-place method, and Data Encryption Platform (DEP).

Penta Security COO Seokil Cho commented,

“D’Amo was the first commercial database encryption solution in Korea, and we are celebrating its 11th anniversary this year. Over the last 11 years, we have made an effort to understand and meet the needs of customers, rather than just merely become a solution to meet compliance issues. We will continue to do our best to improve the data security level of the nation.”

DB Encryption: Business Insight from Our CTO

“D’Amo,” one of the primary product offerings by IT security company Penta Security Systems, celebrated its 10th anniversary this year. As such, Penta Security’s CTO, Duksoo Kim, shared his business insight regarding the industry and technologies.

The DB encryption solutions market has increased very rapidly since its introduction. Accordingly, Penta Security’s D’Amo has become one of the major security solutions in Korea. The company’s current position is the direct result of promoting D’Amo for 10 years after its initial release in 2004. The business scopes of the encryption market are also expanding. In recent years, not only do users encrypt core company data, but also core modules in cars, for example. In accordance with these changes, Penta Security will focus on making its products more sophisticated to become a major platform for encryption in the global market.

Duksoo Kim, CTO of Penta Security, said:

“We are drawing a big picture of an encryption platform. D’Amo is a total encryption platform that supports most of the database environments required in enterprises, including SAP, open source DB encryption, POS device encryption, Oracle DBMS, and Altibase memory.”

Kim explained that even though 10 to 15 DB encryption companies are competing against each other as the security solution market is growing bigger each year, D’Amo is actually the only security solution with its own core technology.

D’Amo provides various components that address hacking, vulnerability and privilege management for enterprises. He added that Penta owns its encryption technology for securing data. The fact that D’Amo has evolved from a package type to a platform means that it can encrypt not only databases, but also OSs and applications. Also, key management is available for authentication and access control, which makes it easier for administrators to manage policies and protect data efficiently.

Controlling policy through key management functions

Kim pointed out that most service companies have already built, or are trying to build, DB encryption systems. The financial sector, however, is delaying the implementation of DB encryption. Banks have already started applying encryption on a partial basis, but they are postponing complete implementation. This is because the important information they have is not organized, and there is concern about the influence of encryption when information is classified according to policies.

DB encryption will eventually improve performance, because it will help organize data and manage partitions. Kim added, “Of course, it would be difficult doing all the classification and implementation at first. However, once you have done it, the burden will decrease and security levels will improve. More importantly, DB encryption can make future system development/design, and DB integration for outsourcing easier by organizing data.”

Most companies have a very disorganized classification scheme as a result of focusing on business convenience. However, DB encryption is becoming a mandatory requirement for corporate compliance. This is considered to be the foundation of enterprise security.

While encrypting existing databases, the main data will be classified and systematized. This will allow administrators to make better policies and manage DB more efficiently, which results in improved overall security. Kim mentioned the importance of policy that can determine the appropriate level of data collection. When designing database security policy in enterprise systems, the existing systems should be analyzed to determine whether too much identifiable data have been obtained.

When an appropriate policy is set, data is well-protected and organized with no duplicate data. It is also common that DB performance and speed will increase after implementing encryption. Penta Security Systems has built DB systems for many enterprises, including Daelim Group, SK Hynix, Kangwon Land, and Daishin Securities.

Higher performance than expected

“Dealing with data is very sensitive and many considerations must be taken into account. As a result, a Benchmarking Test (BMT) is sometimes used to measure the effect. Usually, when the BMT is carried out, customers are surprised that the system performance has improved after implementing DB encryption.” -Duk Soo Kim

Last year, Penta Security completed many encryption projects with stock/securities companies. These clients tend to be very speed-sensitive; nonetheless, there were no technical problems for Penta. There are many things to consider while completing a DB encryption project. This can be because the client system is very complicated, and/or because many parts of the system have an impact on one another. Therefore, a more deliberate approach is essential. Implementation is easy, but encryption companies have to discuss even small elements of policy settings with customers to achieve optimal results. Even though it is common for developers and DB professionals to work together for financial sector projects, most do not consider the key issue of performance after encryption.

Kim emphasized the differences between D’Amo and other products on the market. Other products are focused on a specific point, but D’Amo became a platform in 2012, thereby expanding its encryption range. As a platform, D’Amo provides an integrated model that supports various encryption methods for application, DB packages, DB engine levels, and separate equipment, covering all corporate environments. Also, Penta Security has extensive experience in encryption, which has made D’Amo a truly competitive solution.

Public sector customers had been the main customers for the encryption companies until about five years ago. Now, many private sector customers are also implementing the encryption solutions/platforms, and have overtaken the public sector as the largest contributor of revenues. In particular, the financial sector has been growing consistently.

Business insight points to further growth

Duksoo Kim stated that Penta Security is trying to change people’s perception about the value of DB encryption as an improvement of overall security, rather than as simply another technology. These days, for example, DB encryption is not only for computers but also for appliances. Therefore, Penta Security is planning to expand its platform to the industries that need Penta Security’s unique technology offerings. He stated that he wants Penta Security to be known as a company that specializes in encryption. Penta Security is aiming to grow 30 percent in revenue this year, compared to last year’s numbers.


D’Amo: D’Amo is a DB encryption product from Penta Security. It can provide the best available encryption method for various DBMS environments, such as Oracle, MS-SQL, DBS, Altibase, and Tibero. D’Amo also supports various DBMS encryption methods, including the API encryption method, plug-in encryption method, hybrid method, In-place method, and Data Encryption Platform (DEP).

50% of DB Encryption Market Share

D’Amo, the comprehensive database encryption solution developed by Penta Security Systems, offers DB encryption, as well as access control features for the encrypted data. By distinguishing between authorized and unauthorized users, access to encrypted data can be fully controlled. The D’Amo administrator is able to specify user login authority by source IP address, permitted time period, and application program. As an advanced option, the administrator can also define the authority to encrypt and decrypt data columns by user. This allows the data, and access to it, to be much more secure. D’Amo does not require many changes to existing application programs to implement.

D’Amo also provides an auditing function for important data columns that tracks which users or computers have performed operations. Based on the provided data, it can apply security policies to prevent questionable access or privilege abuse. It is also equipped with options for optimizing post-encryption performance, as many encryption solutions can significantly reduce performance speed after large amounts of data have undergone encryption.

DB Encryption Market Share

As of last October, D’Amo maintained a majority of the DB encryption market in Korea. It claims approximately 50% of the total market share. Most of these procurements were from the public sector. However, D’Amo advertises a product line-up optimized for a wide variety of enterprise environments, and many strong references attest to its convenience.

Mr. Gyeong Myeong Baek, DB encryption product manager for Penta Security Systems Inc. said, “Because many methods for performing encryption exist, it is necessary to select an optimized solution that is appropriate for the company’s DB. This selection should minimize performance degradation and maximize the company’s desired response to a compliance issue.” He emphasized, “D’Amo fulfills this need by providing not only a single solution. It provides a variety of options capable of suiting any type of enterprise environment. The available encryption modes are Plug-in type, API, and In-place. How D’Amo is implemented will depend on the target enterprise’s environment. Each mode functions differently.”

Collaboration with Vendors

Penta Security Systems has made great endeavors to provide a product lineup that supports the wide assortment of DB ecosystems existing today. At first, D’Amo began as a Plug-in product for Oracle, SQL, and DB2. After additional development, the product’s technology expanded to offer compatibility with several other DB systems, as well as API and In-place methods of encryption.

To accomplish this, Penta Security turned its attention toward collaboration with other DBMS vendors. Such collaboration enabled Penta Security’s D’Amo to acquire DB security certification for SAP. Other cooperative development projects with Tibero allowed Penta to bundle D’Amo with Altibase DBMS.

Penta Security Systems has also designed the ‘SG Analyzer.’ It collects DB queries and predicts the post-encryption performance of the DB. This analyzer is what enables Penta to choose the most appropriate encryption platform for their client’s system infrastructure. This pre-customization has helped expand Penta’s market clients to include libraries, hospitals, ERPs, and others.

Good Software Certification

D’amo recently acquired the ‘GS (Good Software)’ certification after undergoing a major upgrade from version 2.3 to version 3.0. The GS certification is a national recognition for software products that pass the software evaluation model. This is based on the international standards set by the Telecommunications Technology Association (TTA).

Baek commented on the certification as well: “D’amo 3.0 is focused on promoting management convenience and improving performance for customers who are sensitive to performance issues, such as in mission-critical applications.” He continued, “We forecast that the need for DB encryption is going to continue in 2013 due to the Personal Information Protection Act. Therefore, we aim to solidly position D’amo in the marketplace. Although DB encryption seems to have been adopted mostly by big enterprises until now, we will be able to open up a market for small and medium-sized enterprises with a new business model.”