Nearly everyone owns data of immense value: customer data, construction plans, recipes, product designs and other information. These data are stored in clear text on your storage media. Everyone with file system access is able to read and modify the data. If this data falls into the wrong hands (criminals or competitors) this may result in serious consequences.
With encryption you protect Data At Rest (see the Wikipedia article). That way, the database files are protected against unauthorized access.
Encryption helps in case of threats against the database files:
Encryption provides no additional protection against threats caused by authorized database users. Specifically, SQL injections aren’t prevented.
All data that is not supposed to fall into possible attackers hands should be encrypted. Especially information, subject to strict data protection regulations, is to be protected by encryption (e.g. in the healthcare sector: patient records). Additionally data being of interest for criminals should be protected. Data which should be encrypted are:
There are currently three options for key management:
See Encryption Key Management for details.
© 2019 MariaDB
Licensed under the Creative Commons Attribution 3.0 Unported License and the GNU Free Documentation License.