Encryption can provide strong security for data at rest, but developing a database encryption strategy must take many factors into consideration. Organizations must balance between the requirement for security and the desire for excellent performance. Encryption at the database level, versus application level and file level has proved to be the ideal method to protect sensitive data and deliver performance.
There are a multitude of architectures and techniques to improve performance: the alternatives fall into two broad categories – alternative topologies to decrease encryption overhead and techniques to limit the number of encryption operations. In addition, performance and security, in real-world scenarios, are complex issues and experts should be used who understand all available options and the impact for each particular customer environment. Every organization must protect sensitive data or suffer potential legislative, regulatory, legal and brand consequences.
Relying on perimeter security and database access control does not provide adequate security. Packaged database encryption solutions have proven to be the best alternative to protect sensitive data. This is a specialized and complex solution area and if internal resources don’t have the cryptography expertise in relation to IT environment, outside expertise should be used to ensure superior performance.
This paper reviews the performance aspects of three dominant topologies for database encryption. This paper offers detailed guidance on scalable implementations of data at rest encryption in an enterprise environment, including encryption, key management, backup, auditing and logging should be deployed to optimize security, performance, scalability, and administration.
Click here to download the full paper