Data is one of the most critical intellectual assets in today's business, so it must be protected at all costs. That means protecting the transmission channels that enable data exchange, and protecting the data itself. You
can do your best to secure data repositories and network connections, but what happens if your network is hacked
or backup media is lost or stolen? Your best strategy is to secure the data itself.
OneNeck recommends that our customers encrypt sensitive data in the cloud using a Transparent Data Encryption (TDE) solution. TDE is designed specifically to protect stored data, i.e., data at rest, which means data is protected no matter where it is stored. TDE enforces access control and separation of duties while ensuring data privacy, even in a multi-tenant storage area. In addition to protecting stored data, TDE also ensures compliance with privacy regulations such as HIPAA, which requires secure data storage in a database or backup system.
To protect data at rest, TDE automatically encrypts and decrypts data stored in a database. The encryption keys are
created and managed by the database itself, which provides transparency to those authenticated for database access. At the operating system level, however, any attempt to access database files returns encrypted data, so the data is inaccessible to users who don’t have authenticated database access.
TDE offers other advantages for enterprise users. Since the database handles encryption, there is no added enterprise overhead, so it doesn’t affect network performance. TDE also doesn’t change the application itself.
Using OneNeck’s data encryption services, existing Oracle database processes will backup data protected with TDE without any modification. For example, if a column or tablespace is encrypted, the same data will remain encrypted when it is backed up.
The advantage is that TDE requires no additional time during backup for reencryption of the database. You also can choose to encrypt an entire tablespace of just designated columns.
Data encryption using a solution such as TDE protects data at rest, but what about securing data in transit? Adequate data protection requires multiple security strategies.
No matter what your enterprise architecture, protecting data in transit requires a different set of security tools. Every network requires layers of data protection, including access controls, data masking, and other techniques to handle authentication and protect data from access by unauthorized users. Data in motion needs to be encrypted, as does data in development or test environments, and archived data.
Contact us using the form below and we'll be in touch!