Why should I encrypt my data in MariaDB?

You are viewing an old version of this article. View the current version here.

Nearly everyone owns data of immense value: customer data, construction plans, recipes, product designs and other information. These data are stored in clear text on your storage meda. Everyone with file system access is ble to read and modify the data. If this data falls into the wrong hands (criminals or competitors) this may result in serious consequences.

With encryption you protect Data At Rest|. That way, the database files are protected against unauthorized access.

When does encryption help to protect you data?

Encryption helps in case of threats against the database files:

  • An attacker gains access to the system and copies the database files to avoid the MariaDB authorization check.
  • MariaDB is operated by a service provider who should not gain access to the sensitive data.

When is encryption no help?

Encryption provides no additional protection against threats caused by authorized database users. Especially SQL injections aren’t prevented.

What to encrypt?

All kind of data, that is not supposed to fall into possible attacker’s hands, should be encrypted. Especially information, subject to strict data protection regulations, is to be protected by encryption (e.g. in the healthcare sector: patient records). Additionaly data being of interest for criminals should be protected. Data which should be encrypted are:

  • Personal related information
  • Customer details
  • Financial and credit card data
  • Public authorities data
  • Construction plans and research and development results

How to handle key management?

The MariaDB key_file_management_plugin enables the configuration of keys in a file. The key file is read at system start and no additional access is needed during runtime. The security of the encryption depends on access restriction to the key file.

The example_key_management_plugin provides a blueprint to implement an own key management.

There are commercial solutions as well, like the eperi Gateway for Databases. eperi also provides additional information about the key management.

Comments

Comments loading...
Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.