• Latest
  • Trending
  • All
  • News
  • Business
  • Politics
  • Science
  • World
  • Lifestyle
  • Tech
Innovative solutions for IT workers at home

What is database encryption?

February 26, 2021
Seattle Seahawks Shift From Microsoft Azure to Amazon Web Services

Security should start in software engineering

April 21, 2021
How to use Microsoft Sysmon, Azure Sentinel to log security events

Zerto Announces General Availability of Zerto for Kubernetes and New Public Cloud Capabilities

April 21, 2021
Microsoft is quietly becoming a cybersecurity powerhouse

Lynx Software Technologies is making its MOSA.ic for Industrial Product Available in the Microsoft Azure Marketplace

April 21, 2021
Secureworks Red Cloak will use Microsoft Defender Advanced Threat Protection

AuthenTrend security keys, biometrics integrated with MyID in Intercede partnership

April 21, 2021
Azure Advanced Threat Protection Now Provides Alerts on NTLM Relay Issues

H2C smuggling proves effective against Azure, Cloudflare Access, and more

April 21, 2021
Microsoft To Build New Azure Cloud Data Centers In Greece

Sinequa Launches Cloud Optimized Intelligent Search Platform on Microsoft Azure

April 21, 2021
Aruba ClearPass Policy Manager Integrates with Microsoft

Kemp Joins Microsoft Intelligent Security Association

April 21, 2021
Protiviti Delivers Innovative Cybersecurity Offerings on Microsoft Security Solutions

Datawiza Automates Application Integration for Microsoft Azure Active Directory

April 21, 2021
Automate Evidence Collection With Hypersync

Automate Evidence Collection With Hypersync

April 21, 2021
Microsoft Launches Host of Security Products in Time for RSA

SANS Cloud Security Curriculum Gaining Altitude Become a SANS Cloud Ace

April 21, 2021
Fugue Adds Google Cloud Support to its Multi-Cloud Security Platform

Fugue Adds Google Cloud Support to its Multi-Cloud Security Platform

April 21, 2021
Inside a Microsoft Azure datacentre: Cloud giant invites users on server farm virtual tour

Inside a Microsoft Azure datacentre: Cloud giant invites users on server farm virtual tour

April 21, 2021
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Wednesday, April 21, 2021
  • Login
Azure Security News
  • Home
  • News
    • All
    • Business
    • Politics
    • Science
    • World
    Seattle Seahawks Shift From Microsoft Azure to Amazon Web Services

    Security should start in software engineering

    How to use Microsoft Sysmon, Azure Sentinel to log security events

    Zerto Announces General Availability of Zerto for Kubernetes and New Public Cloud Capabilities

    Microsoft is quietly becoming a cybersecurity powerhouse

    Lynx Software Technologies is making its MOSA.ic for Industrial Product Available in the Microsoft Azure Marketplace

    Secureworks Red Cloak will use Microsoft Defender Advanced Threat Protection

    AuthenTrend security keys, biometrics integrated with MyID in Intercede partnership

    Azure Advanced Threat Protection Now Provides Alerts on NTLM Relay Issues

    H2C smuggling proves effective against Azure, Cloudflare Access, and more

    Microsoft To Build New Azure Cloud Data Centers In Greece

    Sinequa Launches Cloud Optimized Intelligent Search Platform on Microsoft Azure

    Aruba ClearPass Policy Manager Integrates with Microsoft

    Kemp Joins Microsoft Intelligent Security Association

    Protiviti Delivers Innovative Cybersecurity Offerings on Microsoft Security Solutions

    Datawiza Automates Application Integration for Microsoft Azure Active Directory

    Automate Evidence Collection With Hypersync

    Automate Evidence Collection With Hypersync

    Microsoft Launches Host of Security Products in Time for RSA

    SANS Cloud Security Curriculum Gaining Altitude Become a SANS Cloud Ace

    Trending Tags

    • Donald Trump
    • Future of News
    • Climate Change
    • Market Stories
    • Election Results
    • Flat Earth
  • Tech
    • All
    • Apps
    • Gear
    • Mobile
    • Startup
    Cisco, Google, Microsoft Lead Chorus of New Security Initiatives

    Windows 10 21H1: A small but significant update, with bigger changes to come in 21H2

    Microsoft Touts Secured-Core PCs To Block Driver Exploits

    KDDI Taps Cato SASE for Secure Remote Access

    Juniper Networks inspires overarching approach to connected security

    Going serverless? Rethink your data security approach

    Juniper Networks inspires overarching approach to connected security

    Introducing the Azure Network Security Tech Community and Github Repo

    Cisco, Google, Microsoft Lead Chorus of New Security Initiatives

    Azure WAF Custom Rule Samples and Use Cases

    Aruba ClearPass Policy Manager Integrates with Microsoft

    How Microsoft Is Powering Digital Transformation From the Cloud

    Part 4 – Data Disclosure and Exfiltration Playbook: Azure WAF Security Protection and Detection Lab

    The Mountain Of A Manager

    Microsoft offers startups free cloud tech

    Microsoft Launches Host of Security Products in Time for RSA

    The 14 Best Cloud Security Courses on Pluralsight

    Microsoft Adds Anti-Phishing ‘Campaign Views’ to Office 365 ATP

    How 4 cities are modernizing their IT infrastructure through the cloud

    Trending Tags

    • Flat Earth
    • Sillicon Valley
    • Mr. Robot
    • MotoGP 2017
    • Golden Globes
    • Future of News
  • Entertainment
    • All
    • Gaming
    • Movie
    • Music
    • Sports
    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Meet the woman who’s making consumer boycotts great again

    New campaign wants you to raise funds for abuse victims by ditching the razor

    Twitter tweaks video again, adding view counts for some users

    A beginner’s guide to the legendary Tim Tam biscuit, now available in America

    People are handing out badges at Tube stations to tackle loneliness

    Trump’s H-1B Visa Bill spooks India’s IT companies

    Magical fish basically has the power to conjure its own Patronus

    This Filipino guy channels his inner Miss Universe by strutting in six-inch heels and speedos

    Oil spill off India’s southern coast leaves fisherman stranded, marine life impacted

  • Lifestyle
    • All
    • Fashion
    • Food
    • Health
    • Travel
    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Offers More ‘Solorigate’ Advice Using Microsoft 365 Defender Tools

    A moment of reckoning: the need for a strong and global cybersecurity response

    Solar Winds, Office 365 & Shipbuilding…

    Aruba ClearPass Policy Manager Integrates with Microsoft

    Imprivata Expands Collaboration with Microsoft on New Digital Identity Innovations

    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Canada’s 10 biggest stories of 2020

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    AMD breaks revenue records for 2019 and 4Q

    AMD breaks revenue records for 2019 and 4Q

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft is killing off insecure Cloud App Security cipher suites

    Microsoft is killing off insecure Cloud App Security cipher suites

    Rap group call out publication for using their image in place of ‘gang’

    Meet the woman who’s making consumer boycotts great again

    Trending Tags

    • Golden Globes
    • Mr. Robot
    • MotoGP 2017
    • Climate Change
    • Flat Earth
No Result
View All Result
Azure Security News
No Result
View All Result
Home News Business

What is database encryption?

by AZURE SECURITY NEWS EDITOR
February 26, 2021
in Business
0
Innovative solutions for IT workers at home
491
SHARES
1.4k
VIEWS
Share on FacebookShare on Twitter

Database encryption protects sensitive information by scrambling the data when it’s stored, or, as it has become popular to say, “is at rest.”

There are several methods to generate and apply secret codes, but the end result is to make the data unusable in case an attacker manages to evade the standard defenses and gain direct access to the raw bits inside.

While the basic motivation remains rendering the data unreadable to those without authorized access, the process of encoding has evolved to support a number of different use cases:

  • Complete secrecy — The database and all of its contents are locked up to prevent access.
  • Partial secrecy — Some of the columns are scrambled to prevent disclosure, but others are left open. All regular operations on the open columns or fields work quickly without impediment, and only the queries accessing the scrambled columns are limited.
  • Audit trails — The digital signatures or hash functions can be used to track changes and connect them to the users who authorized them.
  • Client-side secrecy — The data is scrambled on the user’s computer before it is given to the database for storage. Often the database or any other code running on the server can’t get access to the information.
  • Homomorphic secrecy — Sophisticated mathematical transformations make it possible to analyze the data without unscrambling it.
  • Hardware level secrecy — Some applications rely on encryption built into underlying hardware like the disk drives.

The encryption process is a close cousin to the mathematical assurance that makes up the foundation of the ledger or blockchain databases. Digital signatures algorithms used to authorize and guarantee the changes to the ledgers are often developed and supported by the same library. While blockchain databases do not necessarily offer privacy — indeed, all transactions are public — they are often categorized similarly.

How are the legacy players approaching it?

Oracle has been shipping tools to enable database encryption for decades, with a feature they call “transparent database encryption” that’s designed to minimize the difficulty of use. Database administrators can protect entire databases, particular tables, or just individual columns. The keys are stored separately in an Oracle Key Vault, and they’re managed to keep authorized database consumers from having to input them. This is because, the documentation explains, the data is “transparently decrypted for database users and applications.” This automated encryption is a good defense against stolen storage media or attackers who manage to gain access to the raw data stored on disks (that is, at rest).

Microsoft’s SQL Server also supports automatically encrypting data before it’s stored to a hard disk drive (HDD) or solid state disk (SSD), something it also calls “transparent database encryption.” Versions running locally or in the Azure cloud can turn it on. They also have a separate layer designed to ensure that all connections to the database from other servers are encrypted.

Many companies are also relying on encryption that’s added by the file system or the hardware of the disk drive itself. Operating systems like MacOS, Linux, or Windows will support encryption of all files as they’re stored, which also covers the indices and data columns stored by the database software. Adding encryption to the file system will affect the overall load of the server by increasing the time it takes to record the data.

Some drives can now handle the encryption using special chips added to the disk drive. Some are designed to be easily removable, so they might be locked up in a physical safe or moved to a different location for backup.

What are the upstarts doing?

Many popular open source databases like MySQL or PostgreSQL include encryption libraries to simplify implementing encryption. Most of them use established cryptographic libraries instead of trying to create their own. The pgcrypto module, for instance, offers encryption functions that can be applied within SQL queries, and the crypt() function is often used to scramble passwords before they’re stored.

MongoDB added the ability to encrypt their databases at rest to the Enterprise edition. The default relies on AES with 256-bit keys. MongoDB added field-level encryption to secure certain parts of the data stored in the database across all its offerings in December 2019.

IBM isn’t an upstart in the industry, but it is one of the leaders exploring some of the more sophisticated algorithms for homomorphic encryption. The company has released a toolkit for adding fully homomorphic encryption to iOS and MacOS. Microsoft’s Research division is also sharing SEAL, a homomorphic encryption library that supports basic arithmetic. It’s released under the MIT license and is built for linking with .Net and C++ code.

What about governance?

The challenge for managing encryption is keeping all of the keys safe and secure. Access to the data is controlled by the keys, and they should be kept independent of the data when the database is not being used. Extra care must also be taken with the backups, because a lost key can mean that an entire database is rendered unreadable.

Cloud companies are supporting key management by setting up separate services that isolate the keys from the regular computation. Microsoft’s Azure calls its service the Key Vault, and it keeps the keys in “Hardware Security Modules (HSM),” which will store them with an extra layer of encryption. IBM calls its service “Key Protect,” and it also uses HSMs to protect the local keys the database uses.

Is there anything an encrypted database can’t do?

Adding encryption requires a significant amount of computation, and this increases the cost of storing and retrieving the information. In some cases, the CPUs are idle, and the extra cost is negligible. Many desktops and cell phones, for instance, rarely use more than a small fraction of their available CPU cycles. If these devices encrypt the data before sending it to the database, they bear the computational burden, which may be negligible, and you don’t want to overload the central database.\

But in other cases, adding the encryption can require stronger database servers and larger clusters to handle the load. Much depends on how the encryption is applied and how the data will be used afterwards. Bulk encryption is built into some hard disks and operating systems, and it’s possible to turn on these features without significantly slowing down the hardware.

The most sophisticated algorithms, like homomorphic encryption, require a significantly larger computational infrastructure. The field continues to be an area of extremely active exploration, and new algorithms can be several orders of magnitude faster than their predecessor, but the performance is still not practical for many applications.

Reference: https://venturebeat.com/2021/02/25/what-is-database-encryption/

Share196Tweet123Share49
AZURE SECURITY NEWS EDITOR

AZURE SECURITY NEWS EDITOR

Related Posts

Protiviti Delivers Innovative Cybersecurity Offerings on Microsoft Security Solutions

Datawiza Automates Application Integration for Microsoft Azure Active Directory

by AZURE SECURITY NEWS EDITOR
April 21, 2021
0

- Datawiza, one of the first companies to offer cloud-delivered Access Management as a Service (AMaaS), today announced Datawiza One-Click for...

Juniper Networks extends connected security with two new updates

UnitedLex Vantage Now Available in the Microsoft Azure Marketplace

by AZURE SECURITY NEWS EDITOR
April 20, 2021
0

NEW YORK--(BUSINESS WIRE)--UnitedLex, a leading technology and legal services company, today announced the availability of its Vantage solution in the...

Microsoft Declares ‘General Availability’ of Threat Experts Security Service

Cado Security locks in $10M for its cloud-native digital forensics platform

by AZURE SECURITY NEWS EDITOR
April 19, 2021
0

By Ingrid Lunden and Azure Security News As computing systems become increasingly bigger and more complex, forensics have become an...

Microsoft is quietly becoming a cybersecurity powerhouse

Cloud Workload Protection Platforms Software Market Challenges during COVID-19 Pandemic, Economic Growth by Players – AWS Control Tower, Cisco, Google, Trend Micro, McAfee Server Security Suites, IBM, Trend Micro Deep Security, Oracle, etc

by AZURE SECURITY NEWS EDITOR
April 19, 2021
0

By anita_adroit and Azure Security News The most current Cloud Workload Protection Platforms Software Market report delivers dimensions, program section,...

  • Trending
  • Comments
  • Latest
Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

AZURE DEFAULT RESOURCE GROUP AND DEFAULT WORKSPACE: WHAT ARE THEY?

December 14, 2020
Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

Analyzing Azure Active Directory Sign-In Data with PowerShell

December 18, 2020
Microsoft Seriously Beefs Up Security in Windows Server 2019

TCS Launches Cloud Exponence on Microsoft Azure

January 21, 2021

Lady Gaga Pulled Off One of the Best Halftime Shows Ever

0

Barack Obama’s Now Mainly Focusing on Wearing This Casual Backwards Hat

0

Watch Justin Timberlake’s ‘Cry Me a River’ Come to Life in Mesmerizing Dance

0
Seattle Seahawks Shift From Microsoft Azure to Amazon Web Services

Security should start in software engineering

April 21, 2021
How to use Microsoft Sysmon, Azure Sentinel to log security events

Zerto Announces General Availability of Zerto for Kubernetes and New Public Cloud Capabilities

April 21, 2021
Microsoft is quietly becoming a cybersecurity powerhouse

Lynx Software Technologies is making its MOSA.ic for Industrial Product Available in the Microsoft Azure Marketplace

April 21, 2021
Azure Security News

Copyright © 2020 - Azure Security

Navigate Site

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Follow Us

No Result
View All Result
  • Home
  • News
    • Politics
    • Business
    • World
    • Science
  • Entertainment
    • Gaming
    • Music
    • Movie
    • Sports
  • Tech
    • Apps
    • Gear
    • Mobile
    • Startup
  • Lifestyle
    • Food
    • Fashion
    • Health
    • Travel

Copyright © 2020 - Azure Security

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In