In a world where the number of cyber threats is constantly increasing, the protection and security of confidential information from unauthorized access and cyber-attacks becomes a critical task for business continuity, maintaining reputation and financial stability.
Therefore, MySQL Enterprise Edition has the following data security features:
MySQL Enterprise Edition is ready to use external authentication modules for easy integration with existing security infrastructures, including Linux Pluggable Authentication Modules (PAM) and Windows Active Directory authentication modules. By authenticating MySQL users from centralized directories, organizations can implement single sign-on. It is possible to use the same usernames, passwords and permissions. This makes MySQL administrators more productive by eliminating the need to manage credentials on separate systems. It also helps to make the IT infrastructure more secure by leveraging existing security rules and processes (such as identifying weak passwords and managing password expiration).
To protect sensitive data throughout its lifecycle, MySQL Enterprise Encryption provides industry-standard functionality for asymmetric encryption (public key cryptography). MySQL Enterprise Encryption provides encryption, key generation, digital signatures, and other cryptographic functions to help organizations protect sensitive data and meet regulatory requirements.
MySQL Enterprise Encryption enables:
MySQL Enterprise Transparent Data Encryption (TDE) protects sensitive data by encrypting data at rest in the MySQL Enterprise Edition database. This option protects information privacy, prevents data leakage, and helps meet regulatory requirements:
MySQL Enterprise TDE provides data encryption at rest by encrypting physical database files using standard AES algorithms. Data is automatically encrypted in real-time before writing to storage and decrypted when reading from storage. As a result, hackers and attackers cannot read sensitive data directly from database files.
MySQL Enterprise TDE has a two-tier encryption key architecture consisting of a master encryption key and tablespace keys, which provides easy key management and rotation. Tablespace keys are managed automatically through secure protocols, and the master encryption key is stored in a centralized key management solution.
Database table encryption and decryption is accomplished without any additional coding or schema modifications. In addition, users and applications continue to access data transparently.
MySQL Enterprise Masking and De-identification provides MySQL Enterprise Edition users with an easy-to-use built-in solution that helps protect sensitive data from unauthorized use by masking and replacing real values with substitutes.
Masking and de-identification in MySQL Enterprise Edition allows:
Data masking in MySQL Enterprise Edition is implemented on the MySQL Server itself, so the masking logic is centralized and has minimal impact on performance.
Masking and de-identification in MySQL Enterprise Edition can hide or mask sensitive data by controlling how the data is displayed. The functionality includes robust masking algorithms, including selective masking, obfuscation, random data replacement, and other special techniques for credit card numbers, invoices, and other personal information, allowing IT departments to maintain structured rules for de-identifying values. MySQL Enterprise's masking and de-identification features include:
MySQL Enterprise Firewall option protects against cyber-attack threats by providing real-time protection. Any application that enters user data, such as login fields and personal information, is at risk. Database attacks come not only from applications, but from many other sources, including SQL virus attacks or misuse by employees.
MySQL Enterprise Firewall protects MySQL Enterprise Edition data by monitoring, warning, and blocking unauthorized database activity without any application changes. MySQL Enterprise Firewall provides multiple modes of operation to help administrators block, detect, and respond to malicious database attacks:
MySQL Enterprise Firewall blocks SQL-Injection attacks that can lead to the loss of valuable personal and financial data. Whitelisting, real-time threat monitoring, SQL statement blocking, and alerts allow DBAs to protect data assets.
MySQL Enterprise Firewall monitors database threats in real time. All incoming queries are passed through the SQL parsing engine and mapped against an approved whitelist of expected SQL statements. SQL attacks are blocked if they do not represent the expected statements.
Assertions that do not match the approved whitelist are blocked, logged, and can be analyzed to help block a potential SQL injection attack. This provides database administrators with valuable information to prevent malicious attacks, credential theft, and data loss.
In order to comply with regulatory requirements in the medical, financial, government and other sectors regarding the processing and storage of personal data, logging, archiving and on-demand access to audit logs that store data on viewing and working with the most sensitive data are mandatory and acted with them.
MySQL Enterprise Audit provides an easy-to-use auditing solution that helps implement more effective security controls and meet regulatory requirements.
MySQL Enterprise Audit provides database administrators with the tools they need to add auditing requirements:
For all questions about Oracle products, please contact oracle@erc.ua