Transparent Data Encryption: New Technologies and Best Practices for Database Encryption

by Tanya Baccam
Sept. 1, 2017 0 comments SANS Institute Encryption & Authentication best practices encryption & vpns

Encryption is a key control that receives a lot of attention in organizations today. Organizations know they need to encrypt sensitive and regulated data. Encryption can help prevent data loss or theft, as well as prevent fraud within an organization. In some cases, encryption is also used to meet regulatory requirements for consumer data protection. Many organizations have felt the pain when encryption controls haven’t been implemented the way they should be within the organization, and data has been lost. There have been many situations over the years in which backup tapes have gone missing, either lost of stolen, and their sensitive data was not encrypted. A server can also be compromised, resulting in information being leaked. In any of these cases, there may be regulatory requirements to report the data leaked. To this end, more and more organizations are seeking to protect data, just in case it is leaked, by encrypting data within the environment (see Figure 1).