Having to store enormous amounts of data has led to an extensive deployment of database systems within organizations. Regardless if those database systems are deployed on-premises or outsourced to specialized cloud providers, they are considered and treated as critical infrastructure by almost all organizations.
Storing and guaranteeing the availability of relevant data is one critical factor for the survivability of organizations. Securing the stored data – especially data that is critical for maintaining a competitive advantage or data governed by the various regulations – is an equally important factor. The best practice approach in this context is data encryption. Many database system vendors have advanced accordingly, offering built-in database encryption mechanisms. Oracle TDE and Microsoft EKM are just two prominent examples of such technologies.
Encryption and tokenization becomes even more important if one considers the plethora of legal frameworks and compliance regulations that apply to sensitive data. From the Gramm–Leach–Bliley Act to the Health Insurance Portability and Accountability Act (HIPAA) all the way to Payment Card Industry Data Security Standard (PCI-DSS) and the General Data Protection Regulation (GDPR). There are a variety of laws and regulations that impose heavy burdens upon organizations that collect, store and process sensitive data should they fail to properly protect this data. Moreover, most, if not all those frameworks refer to encryption and tokenization as the best practice to prove compliance. Such practices also safeguard business-critical data and sensitive information.
How does database encryption work? Nowadays database systems offer a fine-grained encryption scheme at the very top of which a master encryption key is set. This master encryption key is usually an Advanced Encryption Standard (AES) key of 256-bits length. It is used to encrypt the actual data encryption keys, which are commonly referred to as tablespace and column encryption keys. Tablespace and column encryption keys are the keys used for encrypting sensitive data within a database. They are encrypted and, in most cases, stored in the header of a tablespace or within memory. Now, although this approach, combined with a well-defined role-based access control scheme allows for granular data protection, the system bares an inherent weakness. Namely it is only as secure as the master encryption key is.
Major database vendors have quickly identified this weakness. Consequently, they have evolved, integrating an application programming interface (API) which allows the master encryption key to be generated and stored in a non-exportable manner within the secure boundary of a Hardware Security Module. The advantage of such an approach is twofold. On the one hand, you can be assured that your keys have been generated by a dedicated cryptographic device equipped with a hardware-based true random number generator. On the other hand, regardless whether your databases are hosted on-premises or in the cloud, the most sensitive key of your system is under your control at any given time.