database-security-page-banner

Database Security

Thales' CipherTrust solutions employ transparent encryption and key management to secure all leading databases, including all versions of Oracle, SQL Server, DB2, Informix, Sybase, and MySQL.

Protecting Databases with Encryption

While there are many ways to protect sensitive data in databases, IT requirements for performance, availability and security can sometimes clash: will this security feature compromise database read and write performance? Can I be certain that the encryption key will always be available for fast read performance? For your database security needs, consider CipherTrust Data Security Platform, a solution that can provide high-performance, database encryption with an architecture that can provide high-availability to ensure that every database write and read happens at almost the speed of an unprotected database.

The Thales CipherTrust Data Security Platform provides the capabilities you need to encrypt and secure sensitive data in databases while avoiding the challenges traditionally associated with database encryption. The solutions available on the CipherTrust Platform will protect your growing database environment from both internal and external threats -- on-premises or in the cloud, no matter which databases you run.

Customers rely on CipherTrust Data Security Platform solutions to secure patient records, credit card information, social security numbers, and more. With CipherTrust Platform, you can discover and protect structured data stored in databases and applications as well as unstructured data kept in file servers.

  • Challenges
  • Solutions
  • Benefits

Data Visibility

Without knowing what data you have and where it lives, you can’t protect it effectively, which means your data is vulnerable. It can be a challenging process to categorize all the different types of data present across different databases and define appropriate policies for data management. Without some form of automation in scanning large data stores, it is extremely difficult to capture all the data that applies to the various privacy regulations and ensure that your database and usage is compliant. 

Database Reliability and Performance

Enterprises often suffer from performance issues when implementing poorly designed or inefficient database encryption tools. This negatively impacts end users and applications that rely on real-time access to data.

Insufficient Security Controls

Database encryption tools built with inadequate database encryption security expose the organization to fraud and data breaches. For example, when key management is handled within the database, the database administrator has control of both the data and key. Database encryption solutions also often disregard the risk posed by insider abuse and advanced persistent threats providing attackers the time they need to find and expose vulnerabilities.

Complex and Time-Consuming Key Management

As the database environment expands, so do the key management challenges. Using multiple key management tools is complex and increases the risk of errors and fraud. While database vendors offer key management functionality, this only works when the enterprise uses that vendor's specific databases.

CipherTrust Data Discovery and Classification

The crucial first step in compliance is to understand what constitutes sensitive data, where and how it is stored, and who can access it. Efficient scans enable you to build a strong foundation for your overall data privacy and security. No need to go to different vendors for disjointed solutions. Thales CipherTrust Data Discovery and Classification can efficiently locate most types of data across file servers and traditional databases including Oracle, IBM DB2 and Microsoft SQL Server.

CipherTrust Transparent Encryption

CipherTrust Transparent Encryption offers the capabilities you need to employ strong database encryption with minimal effort and performance implications. With CipherTrust Transparent Encryption, you can secure sensitive data in databases across your enterprise, whether you’re running Oracle, IBM DB2, Microsoft SQL Server, MySQL, Sybase, NoSQL environments, or any combination thereof.

CipherTrust Application Data Protection

For organizations that need to apply more granular encryption, including at the column or field level within databases, Thales offers CipherTrust Application Data Protection, which simplifies the integration of encryption into existing corporate applications. It uses standards-based APIs to perform cryptographic and key management operations. Users can choose between standards-based AES encryption and scheme-maintaining, format-preserving encryption (FPE).

CipherTrust Database Protection

CipherTrust Database Protection provides high-performance, column-level database encryption with an architecture that can provide high-availability to ensure that every database write and read happens at almost the speed of an unprotected database. databases with secure, centralized key management and without the need to alter database applications. Granular access controls ensure only authorized users or applications can view protected data. Granularity can be assured with a specific key for each column, and CipherTrust Manager provides a range of powerful access controls for each key while simultaneously assuring separation of duties, a crucial aspect of data security. 

CipherTrust TDE Key Management

CipherTrust TDE Key Management provides lifecycle management for Oracle TDE Master Encryption Keys and Microsoft SQL Server database encryption keys to meet compliance and best practice requirements.

Database Protection Without Noticeable Performance Impact

Thales CipherTrust Data Security Platform solutions are highly scalable and offer protection of your database environment without compromising performance. CipherTrust Transparent Encryption has been field tested in performance-intensive environments, with proven scalability to support 50,000 cryptographic transactions per second.

Seamless Implementation

Thales CipherTrust Data Protection enables high-performance, column-level database encryption without changes to your applications, infrastructure, or business practices, and makes it simple to extend application-layer encryption across virtual, cloud, big data, and traditional environments.

Improved Compliance Posture

Thales CipherTrust Data Discovery and Classification provides data discovery and classification, risk assessment, rich visualizations and detailed reports that enables rapid identification of regulated data, highlights security risks, and help you uncover compliance gaps. This makes it easy for your organization to uncover and close privacy gaps, prioritize remediation, and make informed decisions about privacy concerns.

  • Related Resources