Jonathan Intner, solutions architect for data security company Vormetric, will be presenting at the New York Oracle Users Group meeting this month. He spoke to SearchOracle.com about encryption key management, what sensitive data is, and how that sensitive data might show up in surprising places.
What is encryption key management and how is it done properly?
Jonathan Intner: Key management is basically the managing of keys that control access to encrypted data. It includes activities like key rotation and proper storage of keys so they can be retrieved when needed. Essentially what is critical is making sure those keys and the encrypted data are together when they need to be together and separate when they need to be separate.
One situation I describe is, I was working with a customer who was securing data and then storing keys in a file on the same server. A consultant told them to back up the file whenever backing up the database. Well, that’s like locking your door but then taping the key to the doorknob. If you store the keys and the data together, there is significant risk that they will be too easy to access together.
What they could have done was maybe the keys are on the same database server but on a different directory. And maybe the keys are backed up manually, separate from the automatic backup procedure that backs up the sensitive data.
What is sensitive data? How should it be defined?
Intner: I started as a DBA by trade, and when I first started I didn’t really differentiate between sensitive and not-so-sensitive data. So a lot of DBAs care about protecting their data but want to give the same protection to all data, and that doesn’t work.
On the one hand, sensitive data is in the eye of the beholder. The sensitivity of the data depends on the risk it puts your business in if it were to be exposed. Another way to look at defining sensitive data is by looking at the regulations out there. Some data breach laws are general but some are very specific about what data is considered sensitive.
When it comes to Oracle databases, where does this sensitive data usually sit? Just in the database?
Intner: DBAs have to think about where the sensitive data might be. It might not be directly in the Oracle database but around it. Suppose there is a regular report on data security that alludes to sensitive data. Well that sensitive data might then be in the report. When you’re loading data into a database with an ETL, the data will classically reside on disks, and so the sensitive data is being loaded that way. Finally sometimes during the normal course of troubleshooting a problem, sensitive data could end up in the alert logs or trace files, and the DBA doesn’t even realize it’s there.