In recent years public attention to information security has steadily grown, yet information disclosure incidents keep erupting and repeatedly break into the public eye. The source of the leak in these incidents is often the database storage layer, which traditional security measures struggle to cover. The intruder either abuses granted privileges or directly breaks into the database host, then steals the unprotected database storage files wholesale and restores them. Behind this simple but often effective approach lies a significant security requirement, database security, for which users need efficient encryption technology as a means of storage-layer protection.
Encrypting the database storage layer resolves the disclosure risk caused by plaintext storage, but for database encryption technology to become a product that users can genuinely rely on, the following issues must be addressed.
Reasonable choice of encrypted content and control of access rights
Not all the data a user stores in a database is sensitive enough to need encrypted storage. In an application system's back-end database, the data that really needs encryption, such as user identities and asset accounts, usually accounts for a very small share of the total and is scattered across fields in a number of different tables. Without an effective way to encrypt only this data, everything has to be encrypted, which not only creates additional performance overhead but also makes database maintenance more difficult. Mature database encryption technology can select the content to encrypt column by column and grant database users different read and write permissions on the encrypted fields. Anwarking's database encryption and decryption product Dbcoffer not only supports database encryption and decryption as a unit, but can also configure encrypted columns independently of the database permission system, protecting the user's core sensitive data at a small cost.
Transparent encryption and decryption
If protecting a database with a firewall or a bastion host is like dressing it in a "bulletproof vest", then encrypting the database storage layer is like performing precision surgery on the database. After such a major operation the security of the encrypted data naturally improves, but if it changes the way users access the data, so that application SQL statements need targeted adjustments, a special API is required to connect to the database, or operations scripts for data migration and the like have to be rewritten, the gain is not worth the cost. A mature database encryption product not only secures the data but also minimizes the impact of encryption on database usage, leaving users' normal use unaffected. On transparency, Anwarking's Dbcoffer product uses independently developed, nationally patented transparent view technology, which ensures that neither applications nor operations tooling need modification and that database dependencies and functions, including high-end features such as RAC, are unaffected.
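The transparency requirement above, together with the column-level grants from the previous section, shown in SQLite as an added example (not Dbcoffer's patented implementation): the application keeps querying `customers`, which is now a view over an encrypted table, and a column grant held outside the database's own privileges decides who sees plaintext. The table, user names, key and the HMAC-based cipher stand-in are assumptions made for this demo.

```python
import hashlib, hmac, os, sqlite3

KEY = b"constructed-demo-key"      # constructed; real keys live outside the database
COLUMN_READERS = {"billing_app"}   # hypothetical column grant, separate from DB privileges
session = {"user": None}           # hypothetical stand-in for the connected database user

def _keystream(nonce, n):
    # HMAC-SHA256 in counter mode: stdlib-only stand-in for a vetted cipher (e.g. AES-GCM)
    blocks = (hmac.new(KEY, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(data, nonce):
    return bytes(a ^ b for a, b in zip(data, _keystream(nonce, len(data))))

def enc_col(text):
    nonce = os.urandom(16)          # fresh nonce per value, stored in front of the ciphertext
    return nonce + _xor(text.encode(), nonce)

def dec_col(blob):
    if session["user"] not in COLUMN_READERS:
        return "****"               # no column grant: the view returns a mask, not plaintext
    return _xor(blob[16:], blob[:16]).decode()

def open_db():
    db = sqlite3.connect(":memory:")
    db.create_function("enc_col", 1, enc_col)
    db.create_function("dec_col", 1, dec_col)
    db.executescript("""
        PRAGMA trusted_schema = ON;  -- the view and trigger call app-defined functions
        CREATE TABLE customers_enc(id INTEGER PRIMARY KEY, name TEXT, id_number BLOB);
        CREATE VIEW customers AS
            SELECT id, name, dec_col(id_number) AS id_number FROM customers_enc;
        CREATE TRIGGER customers_insert INSTEAD OF INSERT ON customers BEGIN
            INSERT INTO customers_enc VALUES (NEW.id, NEW.name, enc_col(NEW.id_number));
        END;
    """)
    return db

def read_as(db, user):
    session["user"] = user
    # Unmodified application SQL: it has no knowledge of the encryption underneath.
    return db.execute("SELECT name, id_number FROM customers WHERE id = 1").fetchone()

def demo():
    db = open_db()
    db.execute("INSERT INTO customers VALUES (1, 'Alice', 'ID-1234567')")  # constructed row
    stored = db.execute("SELECT id_number FROM customers_enc").fetchone()[0]
    return read_as(db, "billing_app"), read_as(db, "report_user"), stored
```

A WHERE clause on the view's `id_number` column would call `dec_col` for every row, which is the retrieval cost the performance section below is concerned with.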
Encryption, decryption and ciphertext retrieval performance
Another important measure of database encryption technology is undoubtedly performance. If retrieving encrypted data takes several times, or even dozens of times, as long as it did before encryption, users will clearly not tolerate the slowness of this so-called "security". Mature database encryption and decryption technology must strike a good balance between security and performance: it must protect the data effectively without hurting the user experience, keeping performance degradation within an acceptable range. Performance here means not only the speed of encrypting plaintext into ciphertext or of decrypting ciphertext back into plaintext; more importantly, it means whether queries over data in ciphertext form can still retain the efficient access that database indexing provides. For performance, Anwarking's Dbcoffer product has a nationally patented "ciphertext index", and by extending the database indexing mechanism, the retrieval performance of ciphertext data can be reduced to less than 8% of the database index. At the same time, the product's high-efficiency encryption and decryption engine can turn data on the scale of millions into ciphertext in only two minutes, ensuring security with essentially no loss of performance.
Security, ease of use and efficiency are the three characteristics that mature database encryption and decryption technology must have, and the basic capabilities that database encryption and decryption products must guarantee. The An Huaqin database encryption product team takes these three points as the cornerstone of its product and, aiming to be more secure, easier to use and more efficient, continues to explore and innovate in the field of database encryption technology, contributing its own effort to users' data security.
This article is from the Database security blog; please keep this source attribution: http://schina.blog.51cto.com/9734953/1657581
Key points of database encryption technology