|By Gilad Parann-Nissany||
|November 30, 2011 01:15 PM EST||
Recently, in our post on Database security in the cloud, we reviewed the threats against database installations in the cloud and best practices for protecting your data. A number of customers have asked us follow-on questions:
- Which database brands are open and tested with these techniques?
- What are the most significant gotchas?
- What performance, scalability and fail-safe characteristics can they expect when securing their database in the cloud?
We have found that all the major relational database brands (MySQL, Oracle, Microsoft SQL Server, and IBM DB2, among others) can work well in this scenario. Essentially, the approach places an encrypted disk “under” the database engine, and from the engine point of view the encryption is transparent. This meshes well with most OLTP implementations and is extremely cost effective as well as simple to use.
In terms of gotchas and common errors, they are actually what you would expect. This is probably because the basic technique for encrypting databases in the cloud meshes well with common techniques that people use in data centers as well. The most significant step is simply to place the data files that underlie the database in a well defined folder, and make sure that folder is on your encrypted disk. Here are two examples for MySQL on Ubuntu, and Oracle.
Everybody asks the performance question. Again this is straightforward. It is a direct consequence of the cloud topology.
First, assess the expected throughput of your database. Second, assess the throughput possible in your cloud’s network. If the latter is higher than the former, the basics are in place.
Now you need to make sure your Encryption Appliance (for example, see Porticor) is able to handle that throughput. You need a supplier that can give you a range of sizes from free evaluation, through small testing projects to the largest behemoths.
Very important is the ability to scale securely, and to ensure fail-over. You need an approach that supports multi-instance clusters, is able to manage encryption keys securely in this clustered scenario, and is amenable to well-known techniques such as RAID.
If you follow these guidelines and bring up your encrypted database in the cloud, you’ll get a robust and enterprise-worthy implementation.
- Database Security in the Cloud
- Disruptive Innovations and the 'Internet of Things' | @ThingsExpo [#IoT]
- Securing Cloud Data from Cybercrime, Intrusion and Surveillance
- Cloud Computing Security Issues and Challenges By @GiladPN | @CloudExpo [#Cloud]
- MySQL in the Cloud
- Cloud Security – Implementing a Secure Cloud Backup Case Study
- Four Great Tips: Cloud Security for Big Data
- Answering Common Cloud Security Questions from CIOs
- Securing Your ‘Data at Rest’ in the Cloud
- Encrypted Cloud Storage – The Missing Piece