It’s Eleven O’Clock. Do You Know If Your Organizational Data Is Safe? May 8, 2018 Juan C. Asenjo | Thales eSecurity Global Partner Marketing More About This Author > Data is increasingly amassed and harnessed to accelerate organizational transformation in the new digital economy. But because databases can hold sensitive details, protecting them is imperative. Unprotected data at rest is an attractive target for cybercriminals, and in today’s ever more distributed environment, not a week goes by without hearing of a new data breach. Compromised databases have severe impacts on corporate reputation and brand image. Notification requirements, remediation processes, and liabilities add significant cost to enterprise operations. Moreover, far-reaching security mandates such as the General Data Protection Regulation (GDPR), are becoming stricter and imposing severe fines. Cybercriminals are constantly upping their game with more sophisticated attacks, including advanced persistent threats (APTs) and attacks across more distributed environments. As I have highlighted in previous blogs, all this is forcing organizations to rethink their cybersecurity strategies and invest more in data security to manage their risks and protect their reputation. The Challenge Securing data stored in databases can affect availability to applications, and the ability to deliver at high performance. Traditionally deployed on-premises and now increasingly across cloud-based environments, the volume of data used by organizations to conduct business has been steadily increasing. With huge new sources of data now feeding corporate databases through a connected ecosystems empowered by the Internet of Things (IoT), protecting this data has become critical. How do you ensure your data is safe in such a heterogeneous and dynamic environment? Database Security To protect critical data from external and internal threats, organizations must implement a layered security approach that establishes access control policies, monitors activity, secures the confidentiality and integrity of the data, and ultimately safeguards and manages the cryptographic keys used for encryption. Encryption of data at rest is a best practice that can facilitate compliance with data security regulations such as GDPR and the Federal Information Security Management Act (FISMA) among others. Designed and implemented correctly, encryption of data at rest can provide robust security with minimal impact on operational efficiency. Safeguarding and maintaining cryptographic keys is an essential part of any encryption strategy, because, with the keys, a cybercriminal can return encrypted data to its original clear-text state. Encryption key management includes generation, exchange, storage, use, destruction and replacement of keys. With growing volumes of data used to conduct day-to-day business, protecting databases and managing exponentially larger numbers of encryption keys becomes a challenging endeavor. As with databases, keys must not only be protected but available to applications when needed to ensure operational performance. Database Security Solutions Many organizations use Thales eSecurity’s Vormetric Transparent Encryption to protect their data at rest. In addition, popular commercial database solutions, such as those offered by IBM, Microsoft, Oracle, SAP, and others, make use of “native” or built-in data encryption capabilities to protect the confidentiality and integrity of sensitive data. These solutions also ensure the data is always available, and provide auditing mechanisms to ease regulatory compliance. Cryptographic Key Security Solutions Hardware Security Modules (HSMs) are hardened, tamper-resistant devices that strengthen encryption practices by generating keys, and encrypting and decrypting data. Thales eSecurity nShield HSMs are certified to FIPS 140-2 Level 3 and Common Criteria EAL4+, and are used to: Enforce key use policies by separating the security functions from administrative tasks Achieve high levels of data security by ensuring keys are always available when needed Maintain high service levels and agility by delivering superior performance for applications Enhanced security through transparent data encryption with key management delivered by hardware security modules (HSMs) provides a root of trust and a certified solution that facilitates auditing and regulatory compliance. What’s in it for You? Thales enhanced security solutions, including Vormetric Transparent Encryption and nShield HSMs, complement native database engine capabilities. Providing plug-and-play features that enable added operational, security, and compliance benefits, their implementation can enable auditors to see how data and keys are protected, limiting the scope of regulation and reducing cost. To learn how Thales and its partners can help you secure sensitive data and comply with privacy and regulatory mandates click here. To ensure you stay #FITforGDPR take our free readiness assessment.