Database Encryption on MariaDB 10.1

Security
22 September 5:20PM - 6:10PM @ Matterhorn 2

Duration: 
50 minutes conference
Databases can be treasure troves of sensitive information. They can contain customers' personal data, confidential competitive information, and intellectual property. Lost or stolen data, especially customer data, can result in brand damage, competitive disadvantage, and serious fines—even lawsuits. Many of today’s privacy mandates require protecting data at rest, and the database is an obvious place where data accumulates and is potentially accessible to range of business systems and users. Organizations can choose to encrypt data at the application level, the database level, or the storage level. Encryption at the lowest of these levels, the storage level—on the disk or tape—guards against risk in the case where storage media are lost, but it does little to protect against malicious insiders or systems infected by malware . Application-level encryption on the other hand represents the other extreme by providing the highest degree of control, but it may not always be a viable approach. Because of these tradeoffs, many organizations are increasingly turning to database encryption as offering the best of both worlds when it comes to protecting data at rest—the protection goes further than storage level encryption and also avoids widespread changes in the application layer. In this talk we present encryption features on MariaDB 10.1 where user can select the most suitable level of the encryption including: - Temporary files - Aria tables - InnoDB tablespaces - InnoDB tables - InnoDB log files - Binlogs Additionally, we will present some performance experiments on how much overhead different levels of encryption can cause to the applications.


Speakers

Chief Architect MariaDB, MariaDB Corporation
Sergei was a MySQL developer since 1998. From 1999 to 2009 in MySQL AB, Sun, then in Monty Program AB and MariaDB Corporation on MariaDB. During these years he has touched almost every part of the server. To list a few projects – fulltext search, XA, HANDLER, precision math library, parallel repair and bulk inserts in MyISAM, indexes in MERGE, pluggable authentication, password validation, encryption. Sergei is a primary architect of the plugin API and an author of the “MySQL 5.1 Plugin Development” book. Sergei was the MySQL Security Coordinator during all his time in MySQL AB and Sun Microsystems, and now is doing the same in MariaDB.

Slides