I recently came across a project where we had to evaluate different techniques suited for encryption of PII data at rest. The database is MySQL Community 5.6 on Red Hat Enterprise OS. We had to encrypt (mask) the PII information of customers. As of now, the data is hosted in a local cloud, but we may have future plans to move to a third-party cloud like Amazon.
We are talking about two threats, internal and external. Internal – we have a support team accessing the database data for fixes and reporting (slave), and also the DBA or Linux root user, who have special privileges, so PII needs to be masked from them. External – mainly hackers, and Amazon cloud admins if we move to their cloud environment. Finally, we decided to have the application layer do the encryption/decryption. Here are the major factors that led to the decision:
Encryption type

| # | | File system encryption | Database level (TDE) | Application level | Column level privilege (with views) |
|---|---|---|---|---|---|
| 1 | Who is responsible | OS | MySQL EE | Application | DBA |
| 2 | Who can access data | MySQL user(s) | MySQL users | Application | Application, root, DBA |
| 3 | Protects data from | Stolen disk, hackers | File system hackers | Everything | Non-admin MySQL users |
| 4 | Does not protect from | DBA, OPS | DBA, root user, OPS | DBA, root, access during changes | |
| 5 | What can be encrypted | All required file systems | Database file system | Required fields | Required fields |
| 6 | Performance penalty | High | Low | Very low | Nothing |
| 7 | Protection strength | Weak | Strong | Very strong | Medium |
| 8 | Application change required | No | No | Yes | No |
| 9 | Is backup encrypted | Depends on the method (e.g. sqldump is not) | Depends on the method | Yes | No |
| 10 | Protects from internal threat | No | No | Yes | Yes |
| 11 | Protects from external threat | Yes | Yes | Yes | Depends |
| 12 | Duration to encrypt existing data | Long time | Long time | Depends on which fields | No time |

OPS: support + dev team having MySQL connectivity to the database.

Column level privilege – create views excluding PII data for support folks; this can be a different schema as well, with only views present in there.
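The column level privilege setup described in the note above, written out for MySQL 5.6 as an added example that is not from the original post. The schema, table, column and account names and the passwords are constructed assumptions, and the statements are meant to be run by an administrative account.

```sql
-- Constructed layout: crm holds the real table, crm_support holds only views.
CREATE DATABASE crm;
CREATE DATABASE crm_support;

CREATE TABLE crm.customers (
  customer_id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  full_name   VARCHAR(100) NOT NULL,   -- PII
  email       VARCHAR(255) NOT NULL,   -- PII
  phone       VARCHAR(32),             -- PII
  plan        VARCHAR(32)  NOT NULL,
  status      VARCHAR(16)  NOT NULL,
  created_at  DATETIME     NOT NULL
) ENGINE=InnoDB;

-- Account that owns the views. It is granted SELECT on the non-PII columns
-- only, so a view defined under it cannot be widened to return PII later.
CREATE USER 'view_owner'@'localhost' IDENTIFIED BY 'placeholder-change-me';
GRANT SELECT (customer_id, plan, status, created_at)
  ON crm.customers TO 'view_owner'@'localhost';

-- SQL SECURITY DEFINER: the view reads the base table with view_owner's
-- privileges, so callers need no privilege on crm at all.
CREATE DEFINER = 'view_owner'@'localhost'
  SQL SECURITY DEFINER
  VIEW crm_support.customers AS
  SELECT customer_id, plan, status, created_at
  FROM crm.customers;

-- Support and reporting account: read access to the view schema, nothing else.
CREATE USER 'support_ro'@'%' IDENTIFIED BY 'placeholder-change-me';
GRANT SELECT ON crm_support.* TO 'support_ro'@'%';

-- Checks: the only schema-level grant should be SELECT on crm_support,
-- and there should be no table- or column-level grants on crm.
SHOW GRANTS FOR 'support_ro'@'%';
SELECT table_schema, privilege_type
  FROM information_schema.schema_privileges
 WHERE grantee = "'support_ro'@'%'";
SELECT table_schema, table_name, privilege_type
  FROM information_schema.table_privileges
 WHERE grantee = "'support_ro'@'%'";

-- As support_ro, this works:   SELECT * FROM crm_support.customers;
-- and this is denied:          SELECT email FROM crm.customers;
-- The PII columns are still stored in plaintext in crm.customers, so root,
-- the DBA and any dump of crm still see them (rows 2 and 9 of the table).
```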
This may not be very explanatory, so let me know if you have any questions; I’ll try my best to answer them.
Praji
via Planet MySQL
Comparison of database encryption methods (for data at rest)