Until recently, organizations typically only maintained a few encrypted databases. Those databases might store sensitive data like payment card numbers, social security numbers or even intellectual property like trading algorithms or coordinates for oil exploration. With only a nominal number of encrypted databases, managing encryption keys with an individual wallet wasn’t a particularly burdensome task.
Encryption as a Necessity for All Databases
Fast forward to today. With relentless cyberattacks amounting to an estimated five billion records exposed in 2018, CISOs across the globe are mandating more widespread encryption of data as almost every piece of data can be exploited if it falls into the wrong hands. With large enterprises and federal agencies running thousands of databases, encrypting databases with individually managed keys and wallets is no longer an option. A complementary and robust key management system built on the tenets of availability and scalability is needed now more than ever.
With Encryption Comes Key Management
We released Oracle Key Vault 18 last month, specifically to meet the demands of large organizations increasingly deploying encryption across massive swaths of their database environments, sometimes every single database. These organizations needed a robust way to manage keys, with a resilient, highly available key management system that could scale globally. Oracle Key Vault 18, with multi-master clustering of up to 16 nodes, is optimized to serve keys for thousands of databases in geographically dispersed data centers without creating undue operational burden.
Consider the fact that each Oracle database using Transparent Data Encryption (TDE) checks the Master Encryption Key every three seconds (a heartbeat to ensure the external key store is available) plus every single time a new database process opens an encrypted tablespace. In a busy database, there may be hundreds of requests to the key management system for the Master Encryption Key every second. As a result, absolute continuous availability of the key management system is paramount to your databases - you can’t be down for one second. That’s why Oracle Key Vault 18 was developed for ultimate resiliency supported by uninterrupted failover, meaning your databases can always get the key they need without any user intervention.
When local wallets are replaced by centralized key management with Oracle Key Vault 18, the ‘transparency’ of Transparent Data Encryption further increases. Components like Oracle RAC databases, Oracle Data Guard, Oracle GoldenGate and others automatically know how and when to access shared keys in Oracle Key Vault 18. If your key management solution can’t do that, or it’s not available, the process is interrupted, causing outages that require human intervention, sometimes on weekends and after midnight, further increasing downtime and exacerbating the deleterious effect on operations.
Oracle Key Vault 18 can scale both horizontally and vertically to handle growing loads, without any database downtime. Scale horizontally by adding more read-write pairs or read-only nodes to the Oracle Key Vault 18 cluster, for example as more departments or lines of business add their databases to the cluster. The pre-existing cluster will continue to provide uninterrupted key management as additional nodes are added. Or, scale vertically by upgrading servers. Because Oracle Key Vault 18 is a soft appliance, it can be installed on literally any size server. As your business and encryption needs grow, scale up your Oracle Key Vault 18 ecosystem without downtime for your databases.
Don’t Let One Solution Cause Another Problem
Demands for encryption have risen immensely in recent years. Yet if you encrypt but don’t manage keys well, you can create problems with access.
Database encryption with Oracle Transparent Data Encryption gives you a secure foundation. Oracle Key Vault 18 allows you to further reduce risk and cut costs by consolidating encryption keys into a reliable, scalable, centralized key management cluster.
If management is telling you to start encrypting, rest easy knowing that you already have the answer that ensures the requisite levels of resiliency, availability and scalability to meet your organization’s needs.