Home » Data Protection » Application Security

Protecting Data at Rest

New approaches to protecting data at rest (and avoiding the wrath of your customers).

The researchers described Vast in a paper called "Protecting Secret Data from Insider Attacks" presented at the 2005 Financial Cryptography conference. But when I spoke with Dagon, he said that he was having a hard time finding anybody who was interested in commercializing the research because the whole idea of storing gigabytes of data on terabytes of hard drives seemed so wasteful! People just couldn't seem to understand that the point of Vast is that the cost of a few dozen hard drives is almost inconsequential compared to the protection that they can provide against a very common attack.

Option 5: Encrypt Just Part of It

Organizations that are looking for something that's made it out of the research lab and into the marketplace would do well to look some of the emerging column-level encryption solutions, in which some information in the database gets encrypted while other information is left in the clear. Column-level solutions are now available for IBM DB2, Oracle, Microsoft SQL Server and even MySQL. These systems generally rely on either code within the application or a fancy proxy to encrypt data as it is written into the database and decrypt it when it is read back out. Column-level encryption isn't as secure as the other approaches described in this column because the decryption key is usually embedded somewhere within the application program or database. But it's certainly better than having no encryption at all.