Organizations take a lot of steps to protect their confidential data. Almost all security measures including encryption are considered only while transferring information on the wire not while storing it in the database. More often than not, it is stored as clear text in the database. In this article we see how database encrytion can enhance the security of our data.
The need to encrypt
These days information security has become essential for all organizations. Organizations take a lot of steps to protect their confidential data. Almost all security measures including encryption are considered while transferring information on the wire. But what about the data in the database? More often than not, it is stored as clear text in the database. Databases may contain a lot of sensitive data; loss of which can cause great damage to any organization. Also, database is the place where data resides most of the time. Hence, database encryption needs to be given high priority.
Defense in depth
Then why aren't all organizations opting for it? Organizations feel that they have more than enough access control mechanisms in place making it almost impossible for attackers to reach to the database. In reality these controls make it difficult for the attacker to reach the database but not impossible. Another important point that they overlook is, even if the attacker is not able to break through, the database administrator has access to all the clear text data stored. This definitely harms the confidentiality of information. If data is encrypted, we are safeguarding it against administrators and attackers who are able to break the access controls & get into the database.
Thus, encrypting critical data residing in database will add one more layer to an organization's IT security. It is always better to store data in some not-easily-guessable format.
The issues involved in encryption
- Encrypting whole DB Vs Specific Columns: Encrypting the whole database may not be a good solution. Consider indexed fields getting encrypted in this process. The database software will sort the indexed fields in the order that will not match the real un-encrypted form. Also, it will defeat the purpose of speeding up the access by preordering it.
Consider one more scenario when you are searching a particular row in a table which is full encrypted. Suppose, the table has three columns Employee 'ID', 'Name' and 'Salary'. Now if we search by 'Name', each time a row is fetched, the name needs to be decrypted first and then compared to the input. The overhead of decryption is considerable when the table is having thousands of rows. Moreover, there is actually no need to encrypt employee name and hide it from others. Instead, encrypting only the 'Salary' column will not cause any performance overhead and still will protect the employee salary information.
- Where to handle decryption, client side or server side: A better place to handle decryption is the client side, because even when the data is transmitted on the network, it will be transferred encrypted and anybody sniffing on the network will not be able to break it easily. For this, client applications should be capable enough and the existing ones may need to be modified. This may not always be realistic. This approach can be used for applications in the development phase. For existing applications, it may better to encrypt at server and use techniques like SSL for transferring it on the network.
- Securing Encryption Keys: The next important issue is protecting the encryption keys. One simple solution is to store all the keys in one flat file and let the related applications pick those up from the file. Apply NTFS permissions on this file and restrict access to needed applications only. One disadvantage of this approach is, if the administrator account is compromised, then the attacker will have easy access to the keys.
Second approach is to store all the keys encrypted in a table in the database itself. Oracle database provides this facility. It decrypts the keys for authenticated users and returns it back. These decrypted keys can then be used to decrypt the actual data.
- Extra Disk space and CPU cycles required: Encrypted data will be much more voluminous than the normal one. A 4 byte integer might become a 16 byte long character sequence. Thus, while using encryption, the required disk space and logical memory capacity needs to be ensured. Also, the extra CPU cycles consumed during the process of encryption/decryption should be considered.
Pros and Cons of DB Encryption
Encrypting the data in a database may not be a very good option if we look at the following considerations-
- Performance parameters
- Disk space requirements
- Application level development complexities
- Extra CPU cycles required to encrypt/decrypt data
On the other hand, if we consider the following parameters, we may be persuaded to go for database encryption
- Confidentiality of data
- The security risks the data is exposed to
- The damage that can be done to the organization
Some DB encryption tools
Tags: Best Practices