Providing Database Encryption As A Scalable Enterprise Infrastructure Service
Free (open access)
U. T. Mattsson
As databases become networked in more complex multi-tiered applications, their vulnerability to external attack grows. We address scalability as a particularly vital problem and propose alternative solutions for data encryption as an enterprise IT infrastructure component. In this paper we explore a new approach for data privacy and security in which a security administrator protecting privacy at the level of individual fields and records, and providing seamless mechanisms to create, store, and securely access databases. Such a model alleviates the need for organizations to purchase expensive hardware, deal with software modifications, and hire professionals for encryption key management development tasks. Although access control has been deployed as a security mechanism almost since the birth of large database systems, many still look at database security as a problem to be addressed as the need arises – this is often after threats to the secrecy and integrity of data have occurred. Instead of building walls around servers or hard drives, a protective layer of encryption is provided around specific sensitive data items or objects. This prevents outside attacks as well as infiltration from within the server itself. This also allows the security administrator to define which data stored in databases are sensitive and thereby focusing the protection only on the sensitive data, which in turn minimizes the delays or burdens on the system that may occur from other bulk encryption methods. Keywords: isolation, intrusion tolerance, database security, encryption, privacy, VISA CISP, GLBA, HIPAA. 1 Introduction Although access control has been deployed as a security mechanism almost since the birth of large database systems, for a long time security of a DB was
isolation, intrusion tolerance, database security, encryption, privacy, VISA CISP, GLBA, HIPAA.