Tamperproof Database Encryption

Database Encryption and Column-level Privacy Controls

Hackers love databases: information is the lifeblood of the digital economy, and databases concentrate information. It is no secret that data breaches are rapidly increasing, with no shortage of unscrupulous actors attracted by the allure of high potential payouts with low physical risk.

Naturally, database protection is now a high priority and for organizations that simply want to tick the ‘database encrypted’ box there are many options including database-native Transparent Data Encryption (TDE) from vendors such as Oracle and Microsoft.

For customers who want to get serious about protecting their data assets, Randtronics DPM offers a systemic approach to data privacy management. It includes an all-encompassing form of TDE that protects both databases and all other locations (database servers, file stores, app servers, laptops) where sensitive data is stored, along with an easy upgrade path to also implement enterprise key management and data spoofing (encryption, tokenization, masking, pseudonymization and anonymization) to protect data-at-rest stored on-premise, in-cloud or within containers.

Transparent Data Encryption (TDE) as provided by database vendors (Native TDE) protects internal data but does not protect the environment supporting the database structure:

  • Echoes and traces of database records and activities are created and stored on the database server and shared on other devices such as file servers, cloud storage and laptops.
  • Native TDE protects the internal database contents; protecting anything outside of the database is somebody else’s problem.
  • Sophisticated attackers can dumpster-dive database, web app and file servers for data copies stored in reports, test or analytics systems.
  • Privileged DBA accounts (if compromised) can extract or change data and cover their tracks by altering log files.
  • Privileged Sys Admin accounts (if compromised) can copy entire databases, along with their TDE encryption keys which are often stored as clear data on the same database server.

For organizations protecting highly sensitive information, this is equivalent to leaving sensitive reports in a non-secure environment and forgetting to shred documents before disposal.

Diagram illustrating scope of Native Transparent Data Encryption protecting database contents but not database environment
Native TDE doesn't stop an attacker who has compromised a privileged System Admin or DBA from accessing your sensitive data

Randtronics DPM easyCipher protects your sensitive data everywhere

Randtronics DPM ensures that only users with specific permissions can access sensitive data. Eliminate risk of data breach by a compromised privileged user account.
With DPM easyCipher you can fully isolate your sensitive data from privileged user accounts

For customers already using database-native TDE and wishing to further reduce their attack surface by extending TDE coverage beyond the database and enforcing role-separation – DPM easyCipher offers an easy to implement, simple to manage solution:

  • Extend TDE coverage: protect encryption keys, log files, config files, application secrets, passwords, reports and file stores
  • Enforce role-separation: place responsibility for data privacy control away from DB Administrators and Systems Administrators
  • Easy to implement, simple to manage: no code changes or business process redesign required, product administration requires minimal training

For customers using database-native TDE who now wish to tighten the protection of encryption keys and certificates whilst simplifying the management process, including hardware security module (HSM) key management (if present) – DPM easyKey offers scalable, enterprise key management.

For customers seeking to rationalize TDE technologies and skill sets – the DPM suite offers a standardized encryption solution for protecting data in any file store, multi-vendor databases or app servers – located on any platform:

  • No-code TDE for all databases (Oracle, MS SQL Server, MySQL, Postgres, DB2, SAP Hana, any other database, agnostic to versions and editions), server-based file stores and laptops
  • No-code change column-level encryption and other field-level protections (FLP) for MS-SQL Server and Oracle Database and flat files
  • Low-code API protection for any field-level protection (FLP) for any application-database stored anywhere
Randtronics DPM easyCipher can assist easily without any code or business process changes.

DPM products enable customers to implement best practice security principle guidelines for policy-based key management and policy-based data encryption.

For customers seeking to protect database contents at the column level, DPM also provides column-level encryption, tokenization, masking, and anonymization.

DPM enforces access control and separation of duties and maintains a full audit trail.

Implementing effective encryption that locks down access to sensitive data everywhere does not have to be hard, nor require difficult-to-source skills – Randtronics DPM runs on the same standard Windows/Linux/database operating environments (SOE) that are familiar to most IT organizations.

Randtronics DPM easyCipher provides:

  • a multi-vendor database encryption solution that is simple to understand and implement enterprise-wide with minimal impact on query types or performance
  • consistent policy-based encryption application to all databases, app servers, file stores and laptops

Letter from the CEO

Thank you for visiting the Randtronics website.

We make enterprise encryption easy.

Smart businesses already know that only encryption can reduce the attack surface and stop the hackers from stealing their sensitive data. A company that only uses encryption is more secure than a company with all other cyber security measures. Privacy standards such as PCI DSS, HIPAA, and GDPR are all mandating in law the protection of the citizen’s personal data. Fines for breaches are huge. You won’t get fined if your firewall is hacked. You won’t get fined if you suffer a virus or ransomware attack. You WILL get fined if you lose ANY personal data pertaining to ANY citizen. The lowest common denominator is the DATA. Data that is “Encrypted” is out of the scope of the Law.

Whilst all understand the need to protect sensitive data holistically (such as NIST Cyber Security Framework or 12 prescriptive PCI DSS guidelines) their cyber security priorities are misguided to say easy aspects and not addressing “what happens” when these fail? Encryption of data is the only direct protection measure that renders data unreadable compared to upgrading firewalls or virus and malware, IPS, log monitoring, etc. I am saying you need all methods but unless you have implemented enterprise grade encryption you are still unprotected, like driving a car without “seatbelts”. “Enterprise grade encryption” as a cyber measure is the “seat belt” that saves lives in car accidents. Industry experts predict a relentless continuation of data breaches this year and penetration testing has proven perimeter defense is easily penetrable.

Randtronics has taken the challenge to make encryption easy and is innovating in many areas. We have already reduced deployment effort to days, and use familiar standard components so that less skilled people can deploy and maintain systems.
I welcome discussions via email or phone, as through your feedback we will be challenged to continue to innovate to the point where businesses and users do not need to be intimidated when using encryption as the world's most powerful tool to protect their sensitive data.

Experts predict data breaches will continue at a relentless pace. Let Randtronics secure your business with “Enterprise grade ubiquitous encryption technology”. Time is of the essence. Why not be pro-active? I invite you to let Randtronics and its global distributors and resellers assess and assist your business directly.

Yours sincerely,
Bob K Adhar, BE, MBA, CISSP
Founder and CEO