Introduction to Database Encryption and Access Control
Database encryption and access control is a security solution that safeguards sensitive data through encryption, utilizing gateway proxy technology.
As a proxy encryption gateway, the system is deployed between the database and client applications. Any access must pass through the gateway to implement data encryption and access control. Figure 1 shows the system networking scenario.
Encrypting Data
The system supports data encryption and integrity verification, meeting the evaluation requirements of graded protection and sub-protection as well as the evaluation requirements of storage data integrity and confidentiality assurance in the application and security evaluation of commercial cryptographic systems.
- Encryption algorithm: AES
- Integrity check algorithm: AES-GCM
Access control
The system has an access authorization mechanism independent of the database. Authorized users can access encrypted data, but unauthorized users cannot access encrypted data. This effectively prevents administrators from accessing the database without authorization and hackers from dragging the database.
The system allows system administrators, security administrators, and audit administrators to manage separation of permissions, enhancing database security and compliance.
Application Scenarios
Database encryption and access control can meet compliance requirements as well as sensitive database data protection requirements.
Meet the compliance requirements of national assessment.
The application system processes data based on user permissions. For legacy systems (the old system cannot be upgraded or reconstructed) and personal privacy protection issues required by the Cybersecurity Law are not considered during development, it is too complex to change the code, data privacy protection depends on external technologies.
Database encryption and access control can implement database encryption and comply with various laws and regulations.
Meets the requirements for protecting sensitive database data.
Database encryption and access control can effectively prevent data leakage caused by the leakage of high-privilege accounts and passwords of database administrators, such as DBAs. In addition, the system can prevent database files from being downloaded or copied due to external APT attacks or improper internal management, meeting sensitive data protection requirements of databases.
Functions
This section describes the main functions and related sections of database encryption and access control.
Feature/Update |
Function |
Related Chapters |
---|---|---|
Asset Management |
Allows users to add, delete, modify, and query database assets, test data source connectivity, and configure database read/write isolation, encryption mode, return value, and account permission detection. |
|
Sensitive Data Discovery |
Supports sensitive data scanning, sensitive data type management, and sensitive data industry template management. |
|
Business test |
Supports service simulation tests to simulate whether encryption and decryption can be performed properly. Supports service SQL traffic analysis by accessing the network before encryption, locates SQL statements that may be executed abnormally after encryption, and generates analysis reports. |
Simulated Encryption Test, Simulated Decryption Test, Service Test and Analysis |
Encrypting Data |
The data encryption module manages encryption and decryption tasks, authorizes client and database users to restrict user access, views and downloads encryption logs, rolls back table structures, manages encryption tables, and downloads bypass plug-ins. |
|
Dynamic data masking |
A masking algorithm can be configured for sensitive data to dynamically mask plaintext data. |
|
Key management |
Supports three-level key algorithms, key source configuration, key (DSK) periodic rotation update, KMS interconnection configuration, key record query, and key search. |
|
Platform management |
On the platform management module, you can configure basic network adapters and routes, upgrade the system, back up and restore configuration data, view application access records, and configure security passwords. |
|
System management |
|
|
Log management |
Allows users to view and search for logs of all operations in the system. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot