Column level encryption is a type of database encryption method that allows user to select specific information or attributes to be encrypted instead of encrypting the entire database file. To understand why column level encryption is different from other encryption methods like file level encryption, disk encryption, and database encryption, a basic understanding of encryption is required.
Generally, when data are being collected and stored as records, those records will appear in a tabular format in rows in the database with each rows logging specific attributes. Some data can be more sensitive than others, for example, date of birth, social security number, home address, etc., which can act as a personal identification. In order to ensure that these private information is transferred and stored securely, data goes through encryption, which is the process of encoding plaintext into ciphertext. Non-designated readers or receivers will not be able to read the data without the decryption key. Another example to illustrate this concept is, given a database stores client's phone numbers. The set of phone numbers will appear to most readers as gibberish alphanumerical text with a mix of symbols, totally useless to those who do not have access privilege to view the data in plaintext (original form).
Because not all stored data are always sensitive and important, column level encryption was created to allow users the flexibility in choosing what sort of attributes should or should not be encrypted. This is to minimize performance disruption when executing crypto algorithms by moving data in and out of devices.
Application and advantages
The technology has been adopted by many encryption software companies around the world, including IBM, MyDiamo (Penta Security), Oracle and more. Column level encryption does not store the same encryption key like table encryption does but rather separate keys for each column. This method minimizes the probability of unauthorized access.
Advantages of column-level encryption
Advantages of column-level encryption:[1]
- Flexibility in data to encrypt. The application can be written to control when, where, by whom, and how data is viewed
- Transparent encryption is possible
- More secure as each column can have its own unique encryption key within the database
- Encryption is possible when data is active and not just “at rest”
- Retrieval speed is maintained because there's less encrypted data
References
- ↑ "Differences Between Whole Database and Column Encryption". NetLib Security. 2016-01-21. Retrieved 2018-07-30.