Providing Database Encryption as a Scalable Enterprise Infrastructure Service
Ulf T. Mattsson
As databases become networked in more complex multi-tiered applications, their vulnerability to external attack grows. We address scalability as a particularly vital problem and propose alternative solutions for data encryption as an enterprise IT infrastructure component. In this paper, we explore a new approach for data privacy and security in which a security administrator protecting privacy at the level of individual fields and records, and providing seamless mechanisms to create, store, and securely access databases. Such a model alleviates the need for organizations to purchase expensive hardware, deal with software modifications, and hire professionals for encryption key management development tasks. Although access control has been deployed as a security mechanism almost since the birth of large database systems, many still look at database security as a problem to be addressed as the need arises - this is often after threats to the secrecy and integrity of data have occurred. Instead of building walls around servers or hard drives, a protective layer of encryption is provided around specific sensitive data items or objects. This prevents outside attacks as well as infiltration from within the server itself. This also allows the security administrator to define which data stored in databases are sensitive and thereby focusing the protection only on the sensitive data, which in turn minimizes the delays or burdens on the system that may occur from other bulk encryption methods. Encryption can provide strong security for data at rest, but developing a database encryption strategy must take many factors into consideration. Different stored data encryption strategies are outlined, so you can decide the best practice for each situation, and each individual field in your database, to handle different security and operating requirements. Application code and database schemas are sensitive to changes in the data type and data length. the paper presents a policy driven solution that allows transparent data level encryption that does not change the data field type or length.
Number of Pages in PDF File: 9
Keywords: Isolation, intrusion tolerance, database security, encryption, privacy, VISA CISP, GLBA, HIPAAworking papers series
Date posted: February 9, 2005
© 2013 Social Science Electronic Publishing, Inc. All Rights Reserved.
This page was processed by apollo2 in 0.390 seconds