Many of today’s common databases, such as Oracle, Microsoft SQL, and others, have embedded encryption functionality that encrypts data-at-rest within the database. However, this approach to database encryption does not really address data-in-use, and the vast majority of databases lack the fundamental granularity and flexibility needed to deliver modern data security governance. This is why EncryptRIGHT® focuses on protecting data at the application level before the data is stored in a database.
Before data is ever stored in the database, EncryptRIGHT can apply a variety of different encryption or tokenization schemes to optimize the security posture of a specific dataset, instead of the one-size-fits-all approach of traditional database encryption. When applications access the secured information from the database, dynamic data masks can be applied to the data in real time based upon the application or user group that is accessing the data to ensure data privacy.
It’s always best to protect data before it gets to the database.
TDE Key Wallet
EncryptRIGHT® can also act as a cryptographic key wallet, supporting cryptographic key management for multiple databases. EncryptRIGHT stores and manages the Master Key used in the traditional approach to database encryption, which leverages the Transparent Database Encryption (TDE) functionality embedded in the database. EncryptRIGHT® supports key management for TDE via Extensible Key Management (EKM) for MS SQL databases in Windows environments and via PKCS#11 for Oracle databases in Windows, Linux and Solaris environments. EncryptRIGHT also supports TDE with broader data protection functionality for DB2 databases in IBM i environments as well as through stored procedure calls supported by many databases.