Database security: At rest, but not at risk

Data at rest is data at risk, as the old saying goes. These database security tools and strategies can help you fight back.

Page 2 of 2

Database encryption has been around a long time and, as such, is very mature, according to Adrian Lane, security analyst at Securosis, a security research and advisory firm. Database vendors offer encryption within the database itself, while some third-party tools intercept files and encrypt or decrypt them at that point.

According to Lane, use of encryption tools for databases is rising only slowly, with compliance as the main driver for adoption, particularly for the payment card industry (which requires data-at-rest encryption).

That was the case at ARC, which builds financial tools for the travel industry. ARC needed to encrypt its Teradata data warehouse and Oracle transaction databases. Jim Holsten, director of technical services, wanted one tool for both environments and chose Protegrity, which offered an Oracle encryption engine and was willing to build one for Teradata.

Since implementing the system, Holsten has worked with Protegrity to write rules enabling more granular access to data. ARC is beginning to encrypt not just credit card numbers, but also other non-mandated but sensitive items, including passport and driver's license numbers.

Meanwhile, Tom Funk, compliance director at RedBrick Health, turned to Vormetric to comply with HITECH Act regulations and NIST guidelines. Vormetric encrypts the company's MySQL back-end database (which does not offer encryption capabilities) and goes beyond the 128-bit minimum encryption standard, using 256-bit instead. Encrypting data at rest keeps it safe as customers access the database over the Web. "If anyone got a copy of the database, it would be unreadable," Funk says.

Copyright © 2012 IDG Communications, Inc.
