TryTRY
BuyBUY
  • newsletter
  • contact
  • corporate
  • careers
Utimaco
de
TRYour free HSM simulator
BUYget a quote
  • home
  • solutions
  • products
  • services
  • blog
  • downloads
  • partners
  • company

Utimaco Portal

Here you will find everything you need as a partner and customerLogin required

  • home
  • solutions
    • industries
      • banking and financial services
        • acquirer
        • card scheme
        • issuer
      • government
        • federal government
      • cloud
        • cloud-based innovation
        • multi-cloud agility
      • connected car (V2V)
      • automotive solutions
      • road infrastructure (V2I), toll collection & ITS
      • industrial IoT & manufacturing
      • energy & utilities
      • lottery & gaming
      • media & entertainment
      • telecommunications
    • applications
      • authentication
      • blockchain
      • code signing
      • database encryption
      • document signing
      • key injection
      • post-quantum crypto agility
      • public key infrastructure (PKI)
        • EJBCA
      • random number generator (RNG)
    • compliance
      • certifications & approvals
        • Common Criteria (CC)
        • FIPS 140-2
      • compliance & standardization
        • FISMA, FedRAMP, and FICAM
        • Certificate Policy of the Smart Metering PKI
        • eIDAS
        • GDPR
        • PCI DSS
        • Privacy Shield
  • products
    • general purpose HSM
      • SecurityServer Se Gen2
      • SecurityServer CSe
      • Block-safe
      • CryptoServer CP5 (eIDAS & CC)
      • CryptoServer Cloud
      • TimestampServer
      • Q-safe
    • payment HSM
      • Atalla AT1000
      • PaymentServer Se Gen2
      • PaymentServer CSe
      • Secure Configuration Assistance (SCA)
      • QuickStart Services
      • u.cloud – Atalla PaymentHSMaaS
      • u.trust 360
    • Software Development Kit (SDK)
      • CryptoServer SDK
      • CryptoScript SDK
    • key management
      • Enterprise Key Management
    • HSM simulators
      • Block-safe HSM simulator
      • CryptoServer CP5 simulator (eIDAS & CC)
      • SecurityServer simulator
      • Q-safe HSM simulator
    • form factor
      • LAN appliance
      • PCIe card
      • cloud, “HSM as a Service”
    • KeyBRIDGE
      • KeyBRIDGE POI
      • KeyBRIDGE RKD
      • KeyBRIDGE eKMS
      • TokenBRIDGE™
  • services
    • consultancy
      • PQC consultancy
    • support
    • managed services
      • Key Exchange & Escrow Service (KEES™)
    • professional services
    • Utimaco Academy
  • blog
  • downloads
    • brochures
    • data sheets
    • case studies
    • white papers
    • webinars
    • e-books
      • PQC for Dummies e-book
      • HSM for Dummies e-book
    • Utimaco Portal
      • integration guides
      • knowledge base
  • partners
    • Partner Program
      • technology partner
    • Partner Locator
  • company
    • about Utimaco
      • legal
      • terms & conditions
      • privacy
        • cookie-policy
    • locations
    • news
      • newsletter
    • events
    • contact
    • careers
    • investors
    • utimaco management
    • business ethics
    • memberships and certifications
    • engagement in research
  • home
  • solutions
    • industries
      • banking and financial services
        • acquirer
        • card scheme
        • issuer
      • government
        • federal government
      • cloud
        • cloud-based innovation
        • multi-cloud agility
      • connected car (V2V)
      • automotive solutions
      • road infrastructure (V2I), toll collection & ITS
      • industrial IoT & manufacturing
      • energy & utilities
      • lottery & gaming
      • media & entertainment
      • telecommunications
    • applications
      • authentication
      • blockchain
      • code signing
      • database encryption
      • document signing
      • key injection
      • post-quantum crypto agility
      • public key infrastructure (PKI)
        • EJBCA
      • random number generator (RNG)
    • compliance
      • certifications & approvals
        • Common Criteria (CC)
        • FIPS 140-2
      • compliance & standardization
        • FISMA, FedRAMP, and FICAM
        • Certificate Policy of the Smart Metering PKI
        • eIDAS
        • GDPR
        • PCI DSS
        • Privacy Shield
  • products
    • general purpose HSM
      • SecurityServer Se Gen2
      • SecurityServer CSe
      • Block-safe
      • CryptoServer CP5 (eIDAS & CC)
      • CryptoServer Cloud
      • TimestampServer
      • Q-safe
    • payment HSM
      • Atalla AT1000
      • PaymentServer Se Gen2
      • PaymentServer CSe
      • Secure Configuration Assistance (SCA)
      • QuickStart Services
      • u.cloud – Atalla PaymentHSMaaS
      • u.trust 360
    • Software Development Kit (SDK)
      • CryptoServer SDK
      • CryptoScript SDK
    • key management
      • Enterprise Key Management
    • HSM simulators
      • Block-safe HSM simulator
      • CryptoServer CP5 simulator (eIDAS & CC)
      • SecurityServer simulator
      • Q-safe HSM simulator
    • form factor
      • LAN appliance
      • PCIe card
      • cloud, “HSM as a Service”
    • KeyBRIDGE
      • KeyBRIDGE POI
      • KeyBRIDGE RKD
      • KeyBRIDGE eKMS
      • TokenBRIDGE™
  • services
    • consultancy
      • PQC consultancy
    • support
    • managed services
      • Key Exchange & Escrow Service (KEES™)
    • professional services
    • Utimaco Academy
  • blog
  • downloads
    • brochures
    • data sheets
    • case studies
    • white papers
    • webinars
    • e-books
      • PQC for Dummies e-book
      • HSM for Dummies e-book
    • Utimaco Portal
      • integration guides
      • knowledge base
  • partners
    • Partner Program
      • technology partner
    • Partner Locator
  • company
    • about Utimaco
      • legal
      • terms & conditions
      • privacy
        • cookie-policy
    • locations
    • news
      • newsletter
    • events
    • contact
    • careers
    • investors
    • utimaco management
    • business ethics
    • memberships and certifications
    • engagement in research

Home / solutions / applications / database encryption

database encryption

Data is increasingly becoming the focus of modern enterprises. Organizations collect, process and store massive amounts of data on a daily basis. They aim to create new innovative products and services for their clients to gain competitive advantage. Personal information, payment transaction data, human resources and research data – they all constitute a modern organization’s IP. Hence they must be handled with care to avoid data breaches, negative publicity and regulatory fines. The best and most secure way to protect such data is through database encryption, using a Hardware Security Module (HSM).

Utimaco HSMs database encryption

Database encryption using HSMs to protect critical data and IP

Database systems to store data

Having to store enormous amounts of data has led to an extensive deployment of database systems within organizations. Regardless if those database systems are deployed on-premises or outsourced to specialized cloud providers, they are considered and treated as critical infrastructure by almost all organizations.

The importance of securing critical data

Storing and guaranteeing the availability of relevant data is one critical factor for the survivability of organizations. Securing the stored data – especially data that is critical for maintaining a competitive advantage or data governed by the various regulations – is an equally important factor. The best practice approach in this context is data encryption. Many database system vendors have advanced accordingly, offering built-in database encryption mechanisms. Oracle TDE and Microsoft EKM are just two prominent examples of such technologies.

Legal frameworks and regulatory compliance

Encryption and tokenization becomes even more important if one considers the plethora of legal frameworks and compliance regulations that apply to sensitive data. From the Gramm–Leach–Bliley Act to the Health Insurance Portability and Accountability Act (HIPAA) all the way to Payment Card Industry Data Security Standard (PCI-DSS) and the General Data Protection Regulation (GDPR). There are a variety of laws and regulations that impose heavy burdens upon organizations that collect, store and process sensitive data should they fail to properly protect this data. Moreover, most, if not all those frameworks refer to encryption and tokenization as the best practice to prove compliance. Such practices also safeguard business-critical data and sensitive information.

Database encryption using Utimaco Hardware Security Modules

How does database encryption work? Nowadays database systems offer a fine-grained encryption scheme at the very top of which a master encryption key is set. This master encryption key is usually an Advanced Encryption Standard (AES) key of 256-bits length. It is used to encrypt the actual data encryption keys, which are commonly referred to as tablespace and column encryption keys. Tablespace and column encryption keys are the keys used for encrypting sensitive data within a database. They are encrypted and, in most cases, stored in the header of a tablespace or within memory. Now, although this approach, combined with a well-defined role-based access control scheme allows for granular data protection, the system bares an inherent weakness. Namely it is only as secure as the master encryption key is.

Major database vendors have quickly identified this weakness. Consequently, they have evolved, integrating an application programming interface (API) which allows the master encryption key to be generated and stored in a non-exportable manner within the secure boundary of a Hardware Security Module. The advantage of such an approach is twofold. On the one hand, you can be assured that your keys have been generated by a dedicated cryptographic device equipped with a hardware-based true random number generator. On the other hand, regardless whether your databases are hosted on-premises or in the cloud, the most sensitive key of your system is under your control at any given time.

Ready to take off?

Download our HSM simulator!

Register for free
Take me there

Stay on top of our news
Don’t miss out on any Utimaco updates

Subscribe to Utimaco Newsletter

We will keep you posted with news from Utimaco and the industries we protect, as well as information on upcoming events and webinars.

Subscribe now

Partners

Throughwave (Thailand) Co.,Ltd - Utimaco Hardware Security Modules Partner AKEA S.A. - Utimaco Hardware Security Modules Partner Utimaco HSM - InfoGuard Swiss Cyber Security Ascertia - Utimaco Hardware Security Modules Partner Envoy Data Corporation - Utimaco Hardware Security Modules Partner PKI Solutions Inc. Cyber Armor Pte Ltd Secure Source Distribution (M) Sdn Bhd - Utimaco Hardware Security Modules Partner Synergy Computers (Pvt.) Ltd. - Utimaco Hardware Security Modules Partner CREA plus d.o.o. Skytech Computing Solutions Limited. - Utimaco Hardware Security Modules Partner Fornetix - Utimaco Hardware Security Modules Partner SecureMetric Technology Sdn. Bhd. JJNet International Co., Limited - Utimaco Hardware Security Modules Partner Cryptomathic A/S Macroseguridad Utimaco HSM - QuintessenceLabs MIcrosec Encryption Consulting LLC VAR Group SpA - Utimaco Hardware Security Modules Partner PrimeKey Labs GmbH Baas Control s.r.o. Perceptus-sp.-z-o.-o. Microexpert Limited Komar Consulting Inc. - Utimaco Hardware Security Modules Partner CewTec S.A. ESYSCO Sp. z o.o. MALKOM D.Malińska i Wspólnicy s.j. Cryptomathic Inc. Abrantix AG Versasec CertiSur S.A. CREAplus Italia S.r.l Real security d.o.o. Nexus Technology GmbH Fortiedge Pte Ltd. Primekey Solutions AB Cogito Group Pty Ltd IQuantics Corp Astel (UK) Ltd. - Utimaco Hardware Security Modules Partner Safesoft Kft. Compumatica secure networks GmbH CEGA Security Softline Solutions GmbH E-Sign S.A. Compumatica secure networks B.V. Utimaco HSM - PTESA_profesionales en transacciones electronicas cv cryptovision GmbH PETA (Thailand) Co., Ltd. EUROPEAN DYNAMICS SA. Cryptomathic GmbH Altacom UAB Nexus - Utimaco Hardware Security Modules Partner intarsys AG Telegrupp AS Thomas-Krenn.AG MTG - Utimaco Hardware Security Modules Partner Rohde & Schwarz Cybersecurity GmbH Nexus - Utimaco Hardware Security Modules Partner Clearkey Consulting - Utimaco Hardware Security Modules Partner
Find a partner

Share this page

EMEA

Utimaco IS GmbH
Germanusstraße 4
52080 Aachen
Germany
Phone: + 49 241 1696 200

Americas

Utimaco Inc.
900 E Hamilton Ave., Suite 400
Campbell, CA 95008
USA
Phone: +1 844 UTIMACO

APAC

Utimaco IS Pte Limited
80 Raffles Place,
#32-01, UOB Plaza
Singapore 048624
Phone: +65 6622 5347

Utimaco

  • support
  • corporate
  • careers
  • legal
  • terms & conditions
  • privacy
  • cookie-policy
© 2021
to top
  • home
  • solutions
    • industries
      • banking and financial services
        • acquirer
        • card scheme
        • issuer
      • government
        • federal government
      • cloud
        • cloud-based innovation
        • multi-cloud agility
      • connected car (V2V)
      • automotive solutions
      • road infrastructure (V2I), toll collection & ITS
      • industrial IoT & manufacturing
      • energy & utilities
      • lottery & gaming
      • media & entertainment
      • telecommunications
    • applications
      • authentication
      • blockchain
      • code signing
      • database encryption
      • document signing
      • key injection
      • post-quantum crypto agility
      • public key infrastructure (PKI)
        • EJBCA
      • random number generator (RNG)
    • compliance
      • certifications & approvals
        • Common Criteria (CC)
        • FIPS 140-2
      • compliance & standardization
        • FISMA, FedRAMP, and FICAM
        • Certificate Policy of the Smart Metering PKI
        • eIDAS
        • GDPR
        • PCI DSS
        • Privacy Shield
  • products
    • general purpose HSM
      • SecurityServer Se Gen2
      • SecurityServer CSe
      • Block-safe
      • CryptoServer CP5 (eIDAS & CC)
      • CryptoServer Cloud
      • TimestampServer
      • Q-safe
    • payment HSM
      • Atalla AT1000
      • PaymentServer Se Gen2
      • PaymentServer CSe
      • Secure Configuration Assistance (SCA)
      • QuickStart Services
      • u.cloud – Atalla PaymentHSMaaS
      • u.trust 360
    • Software Development Kit (SDK)
      • CryptoServer SDK
      • CryptoScript SDK
    • key management
      • Enterprise Key Management
    • HSM simulators
      • Block-safe HSM simulator
      • CryptoServer CP5 simulator (eIDAS & CC)
      • SecurityServer simulator
      • Q-safe HSM simulator
    • form factor
      • LAN appliance
      • PCIe card
      • cloud, “HSM as a Service”
    • KeyBRIDGE
      • KeyBRIDGE POI
      • KeyBRIDGE RKD
      • KeyBRIDGE eKMS
      • TokenBRIDGE™
  • services
    • consultancy
      • PQC consultancy
    • support
    • managed services
      • Key Exchange & Escrow Service (KEES™)
    • professional services
    • Utimaco Academy
  • blog
  • downloads
    • brochures
    • data sheets
    • case studies
    • white papers
    • webinars
    • e-books
      • PQC for Dummies e-book
      • HSM for Dummies e-book
    • Utimaco Portal
      • integration guides
      • knowledge base
  • partners
    • Partner Program
      • technology partner
    • Partner Locator
  • company
    • about Utimaco
      • legal
      • terms & conditions
      • privacy
        • cookie-policy
    • locations
    • news
      • newsletter
    • events
    • contact
    • careers
    • investors
    • utimaco management
    • business ethics
    • memberships and certifications
    • engagement in research