Transparent Data Encryption, or TDE, has been around for years. We all know what it does: it encrypts a database in its entirety and makes this fully transparent to all applications that access the database. TDE also encrypts all database backups. For this and other reasons, sensitive information, including data at rest, is kept safe.
Database Encryption Options
No matter what field we are in, each one of us has to deal with sensitive information. It can be personal data regarding a client or customer, or it can be information about a particular partner, project, or property. If we lose any of this data, we can lose a lot, including our jobs and businesses; maybe even our lives (well, not literally!). This is why we need to be sure that whatever is in our databases is fully protected. And this can be done through encryption!
Encryption safeguards sensitive information by converting data into a form that ordinary or unauthorized persons cannot understand. There are three levels of encryption to choose from:
- application level,
- database level, and
- storage level.
What we are most familiar with is encrypting data at the lowest level, the storage level. This may protect information, but only to a certain extent. Data can still be infected by malware. Application level encryption may offer the highest form of protection, but it is not a popular choice. Database level encryption is the best choice because it not only protects information better than storage level encryption; it also works against application layer changes.
Transparent Data Encryption does not allow anyone to go around the database to read sensitive information. It offers absolute protection in the database layer through data-at-rest encryption, just like the kind of protection offered by MySQL Enterprise TDE.
MySQL Enterprise Transparent Data Encryption
Just last month, MySQL Enterprise Transparent Data Encryption was released. It provides the kind of security we need for critical and sensitive information through data-at-rest encryption. Basically, what it does is encrypt the database’s physical files automatically. Additionally, hackers and unauthorized persons can’t read the critical data from backups.
Here are some features of MySQL Enterprise TDE that should give anyone peace of mind with regard to security and protection of sensitive information:
- Aside from a secure and simple key rotation, TDE also guarantees that keys are kept away from the data.
- As a result of its two-tier encryption key architecture, data-at-rest encryption is guaranteed.
- No additional coding or modification of data type is needed for DB table encryption.
- Implementation requires zero downtime. As such, high performance is ensured.
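The two-tier key architecture and key rotation listed above can be modelled in a few lines. This is an added example, not MySQL code: the `Keyring` and `Tablespace` classes are hypothetical, and a toy SHA-256 keystream stands in for the real cipher so the sketch runs with the standard library only.

```python
import hashlib
import os

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); stand-in for AES, illustration only."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

class Keyring:
    """Tier 1: master keys, held away from the data files (hypothetical in-memory keyring)."""
    def __init__(self):
        self.keys, self.current_id = {}, 0
        self.rotate()
    def rotate(self):
        self.current_id += 1
        self.keys[self.current_id] = os.urandom(32)

class Tablespace:
    """Tier 2: a per-tablespace key encrypts the pages; only its wrapped form is stored."""
    def __init__(self, keyring, rows: bytes):
        ts_key = os.urandom(32)
        self.data_nonce = os.urandom(16)
        self.pages = _keystream_xor(ts_key, self.data_nonce, rows)
        self._wrap(keyring, ts_key)
    def _wrap(self, keyring, ts_key):
        self.master_id = keyring.current_id
        self.wrap_nonce = os.urandom(16)
        self.wrapped_key = _keystream_xor(
            keyring.keys[self.master_id], self.wrap_nonce, ts_key)
    def _unwrap(self, keyring):
        return _keystream_xor(
            keyring.keys[self.master_id], self.wrap_nonce, self.wrapped_key)
    def read(self, keyring):
        return _keystream_xor(self._unwrap(keyring), self.data_nonce, self.pages)
    def rewrap(self, keyring):
        """Master key rotation: re-encrypt the tablespace key only, never the pages."""
        self._wrap(keyring, self._unwrap(keyring))

def rotation_demo():
    ring = Keyring()
    ts = Tablespace(ring, b"constructed sample row: name=alice")
    pages_before, header_before = ts.pages, ts.wrapped_key
    ring.rotate()      # new master key in the keyring
    ts.rewrap(ring)    # only the small wrapped key in the header changes
    return ts.pages == pages_before, ts.wrapped_key != header_before, ts.read(ring)
```

Because rotation rewrites only the wrapped tablespace key, the encrypted pages stay byte-for-byte identical, which is why rotating the master key does not require re-encrypting the table data.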
As it is still fairly new, there is still a lot to learn about MySQL Enterprise TDE. At this point in time, however, anything that offers top-notch security and protection would be a great addition to database technology. To learn more about it, you might want to check out a webinar led by MySQL’s Product Management Director Mike Frank.
Transparent Data Encryption is important because it helps make encryption of sensitive data in SQL databases quite simple. With MySQL Enterprise TDE in place, we now have more reliable options to choose from.