Network Computing is part of the Informa Tech Division of Informa PLC

Time is Right for Database Encryption: Page 3 of 7

Oracle has one of the best solutions for in-database encryption-decryption keys. It stores the keys, encrypted, in a table. For users with access rights, it decrypts the keys, which in turn decrypt the desired data. The downside, of course, is that you have unencrypted data on the network, but the benefit is making access to encrypted data secure. Not even the database administrator can see the unencrypted data--even the keys to get at the data are encrypted. This solution can be implemented in any of the major databases, and Oracle provides a secure key generator as well as other tools to get you started.

Another option is to add a third-party package, from a security company like nCipher or RSA Security, that encrypts the data on the way into the database and decrypts it on the way out. If you're building an e-business infrastructure, for instance, or if implementing encryption on your own isn't realistic, it makes sense to go with such an encryption-decryption product, which typically includes acceleration features. But bear in mind that vendor offerings vary in how they create and protect encryption-decryption keys.

Alternatively, you can store the keys on disk and give only the database admin the right to access the key file. This works so long as you can secure the file in question. Remember that for your data to be secure, the communication protocol must be secure as well, as in the case of SSL.
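One way to enforce "only the database admin can access the key file" before the key is ever read, shown as an added example that is not from the original article. It assumes a POSIX host; the file name `column.key` and the function names are hypothetical.

```python
import os
import stat
import tempfile


def audit(st, parent_st, admin_uid):
    """Return a list of problems; an empty list means the key file is locked down."""
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != admin_uid:
        problems.append(f"owned by uid {st.st_uid}, expected {admin_uid}")
    if st.st_mode & 0o077:
        problems.append(f"group/other access allowed (mode {stat.S_IMODE(st.st_mode):04o})")
    # A writable parent directory lets another user swap the file for their own.
    if parent_st.st_mode & 0o022:
        problems.append("parent directory is writable by group/other")
    return problems


def load_key(path, admin_uid):
    """Open first, then check the open descriptor, so the file cannot be
    swapped between the check and the read. O_NOFOLLOW rejects a symlink."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        parent_st = os.stat(os.path.dirname(os.path.abspath(path)))
        problems = audit(os.fstat(fd), parent_st, admin_uid)
        if problems:
            raise PermissionError(f"{path}: " + "; ".join(problems))
        return os.read(fd, 4096)
    finally:
        os.close(fd)


def demo():
    """Constructed sample: a throwaway 32-byte key in a private temp directory."""
    workdir = tempfile.mkdtemp()                    # created with mode 0700
    key_path = os.path.join(workdir, "column.key")  # hypothetical file name
    with open(key_path, "wb") as fh:
        fh.write(os.urandom(32))
    os.chmod(key_path, 0o600)
    key_len = len(load_key(key_path, os.getuid()))
    os.chmod(key_path, 0o644)                       # simulate a permissions slip
    try:
        load_key(key_path, os.getuid())
        refused = False
    except PermissionError:
        refused = True
    return key_len, refused


if __name__ == "__main__":
    print(demo())
```

Run the same check at database or application start-up and refuse to start on any finding, so a permissions change is caught before the key is used.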

Make sure you have two "live" copies of the table you're working on--or at least send the data out to disk somewhere so you can reimport it later. Because you're encrypting live data, you need to be sure you can get it back to its original form quickly. Backups may work, but they're slower and not likely up-to-date.

Create a new column in your table for each field you intend to encrypt. Check with your encryption vendor to ensure that the fields are large enough to hold the encrypted data. Remove the old columns from the database, and give the encrypted columns their original column names.