Key management and data sovereignty

Patented next generation key encryption

Organizations are a target for hackers and malicious users as they store significant amounts of sensitive data in databases. There are many options for encrypting databases: natively available from database vendors like Oracle and Microsoft known as Transparent Data Encryption (TDE) or from Randtronics offering its version of TDE (DPM database agent) and DPM column level encryption, tokenization, masking, pseudonymization and anonymization.

Customers using native database TDE need to protect the master key for the database encryption at out of the box configuration as it is not totally secure. Usually to protect keys it is necessary to integrate TDE with an external hardware security module. This requires manual integration and configuration changes which differ from vendor to vendor and adds technical complexity. The better alternative is to use Randtronics DPM software security module offering key encryption and access control which simplifies the protection of the master keys for TDE. The integration is transparent and does not require any configuration or database changes. It also enables separation of duties between a security team and database administrators. DPM can support multi-vendor TDE databases types (Oracle or MS SQL server) from a single platform.

DPM also offers options to integrate with multi-vendor hardware security modules without code changes where higher key assurance and enterprise wide key and certificate management is required.