Generally, encryption implies converting data (plaintext) to an unreadable form by applying an algorithm and can only be reverted with a decryption key. At first glance, it seems that if one’s data is encryption, security is already in place. The true fact just encryption is never enough. What you need is a more thorough protection – secure encryption. This is normally achieved through the use of encryption with a few other additional security features such as Key Management, Access Control, and Auditing. This blog will dabble in the three main additional security features.
When converting data (plaintext) into cryptography (ciphertext), a ‘key’ is used. To decrypt, the same key is also needed. To ensure secure encryption is in place, the management of the key is equally important. Key management refers to more than just handling the keys, it means applying encryption at a tier and control decryption in another tier after going through a legitimate process and user authentication. As such, key management can be translated into managing controls not only for encryption but decryption authority, too. MyDiamo product provides such key management services which allow the safe-keeping of these keys externally.
In most cases, unauthorized access, be it from the outside or inside, to private data is one of the main accidents organizations try hard to overcome. To prevent unwanted access or data leakage, an organize and proper access control system is necessary. One of the important aspects of access control is delegating access privileges to users. For example, high-ranked executives are given access to encrypt/decrypt all data while subordinates are only allow encryption without decryption privileges, etc. This helps to define roles clearly in an organization setting and allows a more comprehensive management of the security. Thus, restraining the possibility of unauthorized access that can cause data breaches or leakage.
Data breaches happening due to insider abuse is no longer uncommon. But with access control in place, all activities will need to be recorded, which means users are able to check who has performed encryption/decryption functions on which portion of the data. This provides a clear and transparent management where auditing is called for, containing the problem of insider’s leak. Administrators are able to monitor who has access to data or security policy controls.
All the above-mentioned features are functions available in MyDiamo product. The product is indeed one of its kind as it provides an affordable yet comprehensive encryption software for open source DBMS like MySQL, MariaDB, PerconaDB, and PostgreSQL. Other features of MyDiamo also includes masking function, partial encryption, file-level encryption and not to mention transparent-column-level encryption. For more about column-level encryption and its advantages, we suggest you visit our other blogs.