Tamperproof Database Encryption
Database Encryption, Masking and Column-level Privacy Controls
Hackers love databases: information is the lifeblood of the digital economy and databases concentrate information. It is not a secret that data breaches are rapidly increasing with no shortage of unscrupulous actors being attracted by the allure of high potential payouts with low physical risk.
Naturally, database protection is now a high priority and for organizations that simply want to tick the ‘database encrypted’ box there are many options including database-native Transparent Data Encryption (TDE) from vendors such as Oracle and Microsoft.
For customers who want to get serious about protecting their data assets, Randtronics DPM offers a systemic approach to data privacy management. It includes an all-encompassing form of TDE that protects both databases and all other locations (database servers, file stores, app servers, laptops) where sensitive data is stored, along with an easy upgrade path to also implement enterprise key management and data de-identification (encryption, format preserved encryption, tokenization, masking, pseudonymization and anonymization) to protect data-at-rest stored on-premise, in-cloud or within containers.
Transparent Data Encryption (TDE) as provided by database vendors (Native TDE) protects internal data but does not protect the environment supporting the database structure:
- Echoes and traces of database records and activities are created and stored on the database server and shared on other devices such as file servers, cloud storage and laptops.
- Native TDE protects the internal database contents; protecting anything outside of the database is somebody else’s problem.
- Sophisticated attackers can dumpster-dive database, web app and file servers for data copies stored in reports, test or analytics systems.
- Privileged DBA accounts (if compromised) can extract or change data and cover their tracks by altering log files.
- Privileged Sys Admin accounts (if compromised) can copy entire databases, along with their TDE encryption keys which are often stored as clear data on the same database server.
For organizations protecting highly sensitive information, this is equivalent to leaving sensitive reports in a non-secure environment and forgetting to shred documents before disposal.
Randtronics DPM easyCipher protects your sensitive data everywhere
- Air-gap separation between your IT organization and your sensitive data
- Zero-trust encryption management system
- Standardize encryption management across multiple DB vendor technologies, web/app servers, and all Windows and Linux environments
- Policy-based management of encryption, data de-identification, encryption keys and digital certificates
- Enhance, extend or replace native TDE
For customers already using database-native TDE and wishing to further reduce their attack surface by extending TDE coverage beyond the database and enforcing role-separation – DPM easyCipher offers an easy to implement, simple to manage solution:
- Extend TDE coverage: protect encryption keys, log files, config files, application secrets, passwords, reports and file stores
- Enforce role-separation: place responsibility for data privacy control away from DB Administrators and Systems Administrators
- Easy to implement, simple to manage: no code changes or business process redesign required, product administration requires minimal training
For customers using database-native TDE who now wish to tighten the protection of encryption keys and certificates whilst simplifying the management process, including hardware security module (HSM) key management (if present) – DPM easyKey offers scalable, enterprise key management.
For customers seeking to rationalize TDE technologies and skill sets – the DPM suite offers a standardized encryption solution for protecting data in any file store, multi-vendor databases or app servers – located on any platform:
- No-code TDE for all databases (Oracle, MS SQL Server, MySQL, Postgres, DB2, SAP Hana, any other database, agnostic to versions and editions), server-based file-stores and laptops
- No-code change column-level encryption and other field-level protections (FLP) for MS-SQL Server, MySQL, Maria, Postgres and Oracle Database and flat files
- Low-code API protection for any field-level protection (FLP) for any application-database stored anywhere
Randtronics DPM easyCipher can assist easily without any code or business process changes.
DPM products enable customers to implement best-practice security guidelines for policy-based key management and policy-based data encryption.
For customers seeking to protect database contents at the column level, DPM also provides column-level encryption, tokenization, masking and anonymization.
DPM enforces access control and separation of duties and maintains a full audit trail.
Implementing effective encryption that locks down access to sensitive data everywhere does not have to be hard, nor require difficult-to-source skills – Randtronics DPM runs on the same standard Windows/Linux/database operating environments (SOE) that are familiar to most IT organizations.
Randtronics DPM easyCipher provides:
- a multi-vendor database encryption solution that is simple to understand and implement enterprise-wide with minimal impact on query types or performance
- consistent policy-based encryption application to all databases, app servers, file stores and laptops