Securing your business data with native encryption
Nishant Vyas, Head of Products and Strategy, MariaDB
Cybercrime is on the rise like never before, and so are the new regulations designed to protect enterprise and personal data. Headlines generated by the recent TalkTalk hack reinforced data security as an urgent issue for businesses. Unprotected data can lead to irreparable brand damage, loss of customer trust, legal liability and lost revenues.
Companies are accustomed to investing in antivirus and security analytics, but often overlook protecting data as it moves between applications and where it rests within the database. After UK mobile telecoms provider TalkTalk was hacked, customers asked if their data was encrypted. TalkTalk stated it was “not legally required” to encrypt customer data, raising customer concerns that their data was now easily accessible to the hackers. While it may not be legally required, it’s good business practice to encrypt data within the database, and have auditing processes and modern security policies in place to protect sensitive personal data.
Regulators have been listening to these customer concerns and have become more proactive in creating data protection regulations for the digital age. European regulators are especially vocal on the topic of data protection. There are plans afoot for an EU-wide General Data Protection Regulation (GDPR) within the next twelve months. Organisations holding personally identifiable data should be looking at establishing best security practices across the whole enterprise.
Obvious data security risks to avoid include weak passwords or employees using unsecured networks. To instil good practice there should be regular audits led by an independent team, who can review and critique the security processes and match them to the risk appetite of the business. When companies review their security practices, a critical software capability they should have in place is native database encryption.
Native encryption is built into the database itself and does not rely on third-party solutions to provide encryption to the data storage layer. Using non-native solutions requires companies to deploy, configure and manage one more component in the security architecture, which increases operational overheads. This isn’t the case for native encryption, which is embedded in the database software. An additional advantage of natively encrypting data is that it covers temporary tables and binary log files that are used to manage data changes.
With any encryption solution, encryption key management is crucial. To enforce good key practices, a native encryption system should provide rolling keys that expire at certain intervals, making it much more difficult for unauthorised persons to access data. In addition, the key management system should store keys independently of the data.
Another consideration when selecting an encryption solution, and indeed a broader data management solution, is whether the solution is open source or proprietary. Today, many organisations prefer using open source over proprietary software given the greater transparency open source technology has over patches and updates. This is important for a security strategy in that open source solutions provide greater visibility into security issues and their solutions.
Businesses around the globe are looking for how best to secure their data as the threat of cyber-attacks increases. Native encryption should be a key arrow in the quiver for protecting your business.