On the previous post about “Types of Database Encryption Methods”, the types of database (DB) encryption methods were mentioned based on where the encryption took place. Different types can be further categorized based on what is encrypted (namely the encryption target). The following are the types of DB encryption methods based on the encryption target:
- Column-level encryption:This is a DB encryption method in which each column is encrypted separately. Each column has the same key for access, reading, and writing purposes.
- Row-level encryption:This is a DB encryption method in which each row is encrypted separately. Each row has a unique key for all of its cells.
- Cell-level encryption:This is a DB encryption method in which each individual cell is encrypted separately. Each cell has its own unique key.
- Table space-level encryption:This is a DB encryption method in which each table space is encrypted as a whole. Each table space has a unique key for all of its contents.
- File-level encryption:This is a DB encryption method where individual DB files are encrypted as a whole and unauthorized access is restricted.
As column-level encryption and file-level encryption are well-known among these methods let’s find out more about their advantages in detail.
With file-level encryption, the DB file is protected by encrypting the whole DB file and unauthorized access to the file is restricted. Only authorized servers can decrypt and access the data. This method is the easiest way to provide DB encryption. More about file-level encryption can be found at “All You Need to Know about File-Level Encryption”.
However with file-level encryption, as it operates at the OS level, there are limitations in its functions. By encrypting the entire database file, it is impossible to identify the diverse systems and users who access the host database. Since users have different purposes or roles when accessing data, access control should be provided more selectively. In order to achieve this functionality the encryption needs to take place at the DB level, and this is where column-level encryption is needed. Let’s take a look at the advantages column-level encryption brings.
The Three Advantages of Column-Level Encryption
1. Selective Encryption for Higher Performance
Column-level encryption allows users to choose and pick to encrypt specific columns or attributes only instead of having to encrypt the entire file. This allows for optimal selection of choosing only the sensitive data that needs to be encrypted. This also hugely boosts the performance of the system compared to encrypting the whole database file. There is no use in encrypting data that doesn’t need to be protected.
2. Access Control and Column-Level Management
While only OS-level access control is available for file-level encryption, with column-level encryption it is possible to set up and manage proper access control at the DB-level. The security administrator can set up an encryption/decryption policy to choose the authority of what users have access to. The Security administrator can also delegate the encryption/decryption keys to only authorized users. This then restricts the access of which columns users are able to encrypt and decrypt. By controlling who has access to what it allows for users to unconstrained access to insensitive data which doesn’t need to be encrypted.
3. More Options with Encryption
Generally speaking, column-level encryption has more convenient options in applying encryption than file-level encryption. While not all column-level encryption solutions offer every option, it is through column-level encryption that these options are available. Some of these options are: data encryption while the DB is active, index column encryption, partial encryption, hashing etc. These different options allow for functionality that can only be achieved through column-level encryption. For example, normally after encryption, only full text search is possible. However MyDiamo’s index-column encryption and partial encryption makes index searching possible. What this means is that a partial portion of the original data is left un-encrypted so that the search function is able to operate more efficiently.
Column-level encryption is widely spread and it is the most common method among DB administrators. As it is familiar, the implementation of column-level encryption is facilitated. With all of these advantages, and MyDiamo’s engine-level encryption technique, users are able to fully benefit from transparent column-level encryption for higher performance.