4 must-have database security essentials

used with permission from IBM Big Data & Analytics Hub
by Roger Sanders

How do you keep data protected at all times? Data security threats are becoming ever more prevalent and powerful, and security is a critical part of any database environment. But are you giving security diligent attention every time you build, upgrade or migrate your organization’s database? To help ensure your data is insulated from the latest internal and external threats, here are my top four must-have security capabilities.

1. Cloud security

Many organizations are deploying databases in the cloud, either entirely or as part of a hybrid environment, to help reduce capital IT expenditures and conserve on-premises data center resources. If cloud computing is in your plans—or already in use at your organization—be sure your cloud database offers data protection that’s as strong as its on-premises equivalent. Your on-premises database instances should also be able to replicate data to the cloud, which can be your fail-safe in the event of a primary data center disaster. Consider a managed cloud solution from a reputable provider as a way to help ensure your data is just as safe or safer on the cloud as it is within your own data center.

2. Built-in encryption

By encrypting data, you have a way to keep sensitive information secure even if it is lost or stolen because only authorized users can access the data in an intelligible form. Look for encryption that is built into the database and that doesn’t require the purchase of an add-on encryption solution. All data should be encrypted automatically by the database and decrypted only when an authorized user is working with it.

Encryption is mandatory for compliance with many government regulations and industry standards, ranging from the Health Insurance Portability and Accountability Act (HIPAA) to the Payment Card Industry Data Security Standard (PCI DSS). Your database should not only protect data at rest, but it should also provide Secure Sockets Layer (SSL) capabilities to protect data as it moves through the network.

3. Central master key management

Unscrambling encrypted data so your organization can use it often requires a master encryption key. Many database solutions keep this master key on the same server as the database. But your database backup server and application servers may also need to use the key—and having copies of a master key on multiple servers creates more exposure to risk. To avoid this problem, look for a database that can take advantage of centralized master key management. Managing encryption keys in a central repository protects the keys while facilitating safe access and use by your organization’s servers.

4. Hardware encryption acceleration

Whether you’re running servers with x86 or IBM POWER processors, you’ll want to take advantage of the processor technology to boost database performance whenever encryption is used. Intel processors and IBM POWER8 processors offer hardware acceleration that can speed up data encryption and decryption, and ultimately accelerate application performance. You’ll want to make sure your database software can automatically take advantage of any acceleration technology built into the CPUs of the servers you use.

IBM DB2 databases meet all these requirements and more with new and updated database security features.