As businesses and enterprises accumulate more data than ever, data breaches and data leaks have become the number one threat to companies that handle sensitive client data or need to safeguard company and trade secrets. This increase in database breaches has reinforced the need for companies to secure information through a complex layer of encryption. As such, database encryption has solidified itself as a standard data security procedure through which companies protect their data from being accessed and compromised by malicious actors.
Companies have at their disposal multiple techniques and encryption technologies that can be used to secure database systems:
- Transparent database encryption (TDE) is an encryption mechanism used to encrypt data that is stored on physical media, namely data at rest. TDE encrypts data through single-key encryption. This encryption mechanism is referred to as being transparent because when data is queried and loaded, the content is automatically returned in a decrypted format. An advantage of TDE is that since the data is encrypted at the database level, it cannot be accessed without the proper key. The problem with TDE is that if the key is accessed by a malicious actor, they can access the contents of the database.
- Column level database encryption allows users to encrypt individual columns from the database using separate encryption keys. This approach to encryption is considered more secure because it is more difficult to access each table at the same time. However, there is a drawback: since each column requires a unique key, it may hinder search performance and slow down database indexing.
- Symmetric encryption is considered to be superior to TDE because it is faster and it requires users to have a copy of the private key in order to access the data. The main risk associated with this method is that the private key can be leaked or lost.
- Asymmetric database encryption addresses the issue of symmetric encryption by introducing another key. In asymmetric encryption, the public key is used to encrypt the data and a unique private key per user is used for decryption. The advantage of asymmetric encryption is that the private key doesn’t need to be shared, as encryption and decryption are done through separate keys.
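
As an added illustration of the column-level approach in the list above (not code from this article or from Modex BCDB), the following PostgreSQL script uses the pgcrypto extension to encrypt two columns under separate keys and shows why searching an encrypted column is slow. The table, column and setting names are hypothetical, the key values are placeholders, and pgcrypto's passphrase-based `pgp_sym_encrypt` stands in for whatever cipher a given product uses.

```sql
-- Added example. Assumes PostgreSQL with the pgcrypto extension available.
-- Table, column and setting names are hypothetical; key values are placeholders.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE customers (
    id        serial PRIMARY KEY,
    name      text  NOT NULL,   -- plaintext, can be indexed normally
    email_enc bytea NOT NULL,   -- encrypted under the "email" key
    card_enc  bytea NOT NULL    -- encrypted under the "card" key
);

-- Keys live only in the session and are never written to a table.
-- A real application would pass them as bind parameters from a key store,
-- since SET statements can end up in server logs.
SET app.email_key = 'EMAIL-KEY-PLACEHOLDER';
SET app.card_key  = 'CARD-KEY-PLACEHOLDER';

-- Constructed sample row: each column is encrypted under its own key.
INSERT INTO customers (name, email_enc, card_enc)
VALUES ('Alice Example',
        pgp_sym_encrypt('alice@example.com', current_setting('app.email_key')),
        pgp_sym_encrypt('4111111111111111',  current_setting('app.card_key')));

-- A session that holds only the email key can read the email column.
SELECT name,
       pgp_sym_decrypt(email_enc, current_setting('app.email_key')) AS email
FROM customers;

-- The same key does not open the card column: this statement raises an error,
-- so one leaked column key does not expose the other columns.
SELECT pgp_sym_decrypt(card_enc, current_setting('app.email_key'))
FROM customers;

-- Search drawback: every encryption call uses fresh random values, so equal
-- plaintexts produce different ciphertexts and this comparison returns false.
SELECT pgp_sym_encrypt('alice@example.com', current_setting('app.email_key'))
     = pgp_sym_encrypt('alice@example.com', current_setting('app.email_key'))
       AS same_ciphertext;

-- An index on email_enc therefore cannot answer an equality lookup.
-- The query has to decrypt every row before it can compare values.
EXPLAIN
SELECT id
FROM customers
WHERE pgp_sym_decrypt(email_enc, current_setting('app.email_key'))
      = 'alice@example.com';
```
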
Modex BCDB comes with default asymmetric database encryption mechanisms that can be configured by users to perform database encryption at the field or column level. As data security is a major concern for enterprises and businesses, Modex BCDB has been designed to answer a common issue of symmetric and asymmetric cryptography: key management. In order to prevent users from losing their private key and other credentials, the Modex BCDB system stores them on a separate blockchain network, the Authorization and Licensing network.