Homework for general data protection regulation (GDPR)
The EU’s General Data Protection Regulation (GDPR) entered into force on 25 May 2018. It stipulates that personal data relating to EU citizens must be protected. The GDPR also applies to companies operating outside the EU that hold data on EU citizens. Anyone failing to comply with the provisions on data protection risks a heavy fine. Two kinds of measures are required to ensure compliance with the GDPR:
Companies are advised to appoint an internal data protection officer, who will help them to review their processes and to structure and classify their data. This is the first step. They must then protect data that come under the GDPR against unauthorized access.
Essential measures: Encryption and HSM
The measure explicitly mentioned in the GDPR for protecting data is encryption. That means that critical portions of customer data are obfuscated by encrypting certain fields, records, or everything. Encryption is an important first step. At the same time, the encryption key must be protected. Without safekeeping of the encryption key, encryption is no better than locking your front door and then leaving the key on the doorstep so anyone can get in. To prevent a situation like this, encryption keys should be stored on a dedicated device known as a hardware security module (HSM).
Encrypting your database and storing the keys on an HSM is the best way to protect your data. Even if the database is stolen, the thieves will not be able to access the data because the encryption keys cannot be taken from the HSM. There are three options for encrypting your database: Transparent Data Encryption (TDE), a database encryption proxy, or encryption of data sets in the processing application. Our story explains which method of database encryption is most suitable for GDPR in a variety of scenarios.
Securing Oracle with Primus HSM
Oracle can easily be extended to encrypt data stored in its database. By adding the Transparent Data Encryption (TDE) Module and adding Securosys Primus HSM to manage the encryption keys, Oracle databases are efficiently protected. The Oracle database and the Primus HSM are connected via the PKCS#11 provider. The benefits, including the installation procedure, are described in this solution brief.
With the help of the Securosys Primus HSM, a physical device to safeguard your digital cryptographic keys, and its supporting libraries implementing the standard APIs such as Microsoft’s Cryptographic Service Provider (CNG), Java JCE and PKCS#11, we have the necessary means to implement integrity, confidentiality and availability for any existing or new Oracle-based application environment.
Securing any database with Centraya Proxy
Instead of investing in additional database modules, the Centraya OCDB/JCDB Proxy can be used to encrypt fields, records, or even full databases. Similar to the Centraya CASB solution, the proxy sits between the applications and the databases. Typical installations, including setup, where you can decide which fields to encrypt, can be completed in hours.