What if you’ve built your app and now think about encrypting sensitive fields that it sends to the database and back? 🤔 Should you just enable the “at rest encryption” checkbox, use TLS, or add an extra encryption layer into your application code?
The first and second options make sense, but the third one is not for everyone. ✨ Consider implementing transparent database encryption. ✨
Database encryption transforms readable data into ciphertext to protect it from unauthorized parties.
💡 When speaking about transparent data encryption, which is implemented, for example, in the Acra database security suite, we mean that encryption happens neither in the database nor in the app it speaks to. But where?—In Acra proxy!
Acra works as a SQL database proxy, so your application communicates with the database via Acra, which encrypts and decrypts sensitive fields. You can customize which fields to consider sensitive (PII, financial or regulatory-specific data), as well as which actions Acra should perform (encrypt, searchable encrypt, mask, tokenize, etc.).
This way, the database never gets access to the plaintext data or encryption keys. That saves a lot of development resources and requires minimal effort to protect data.
You have encrypted data, using modern strong encryption, but you don’t deal with cryptographic code. Win-win. 😊
We designed Acra just like that. It doesn’t require any change in your app code. That is extremely useful when you have your infrastructure (apps, databases) already built.
💡 Acra is available for free on GitHub, suitable for small apps:
https://github.com/cossacklabs/acra
💡 And as a paid Enterprise license for security-sensitive products:
https://cossacklabs.com/acra
But how does transparent database encryption work?
If you want to get deep into detail and learn more about database wire protocols, check out our new engineering blog post 👉 Transparent data encryption for SQL databases with Acra 0.93 👈