how to encrypt personal data on database

0

Database is not encrypted (data at rest on cloud where customer's personal data is getting stored)

4 Risposte
0

You can have a look here: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Encryption.html and this as example:

https://repost.aws/knowledge-center/rds-encrypt-instance-mysql-mariadb

From my experience encryption at rest is a must and usually using a customer managed KMS key fits most cases.

Some also perform client encryption, meaning that have the application programmatically encrypting/hashing/encoding the data before is saved in database, and decrypt/rehash/decide when is retrieved.

profile picture
ESPERTO
con risposta un anno fa
0

Hi, AWS RDS encrypts data at rest.

See https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html

Amazon RDS can encrypt your Amazon RDS DB instances. Data that is encrypted at rest 
includes the underlying storage for DB instances, its automated backups, read replicas, 
and snapshots.

Amazon RDS encrypted DB instances use the industry standard AES-256 encryption 
algorithm to encrypt your data on the server that hosts your Amazon RDS DB instances. 
After your data is encrypted, Amazon RDS handles authentication of access and decryption 
of your data transparently with a minimal impact on performance. You don't need to modify
 your database client applications to use encryption.
profile pictureAWS
ESPERTO
con risposta un anno fa
profile pictureAWS
ESPERTO
verificato un anno fa
0

As Didier_AWS and alatech have suggested, you need to consider encrypting the whole DB instance. If you are referring to column-level encryption, it is supported only for RDS SQL Server.

AWS
con risposta un anno fa
0

Hello,

I assume you are referring to the Personal sensitive data which under PCI-DSS standard should be protected using strong cryptography with associated key management process and procedures. Amazon RDS do provide encryption at rest as explained in earlier suggestions using CMK and even with CloudHSM depending the RDS Engine type. For all of the database engines encryption (AES-256) and decryption are applied automatically and transparently to RDS storage and to database snapshots. You don’t need to make any changes to your code or to your operating model in order to benefit from this important data protection feature.

AWS KMS is FIPS 140-2 Level 2 certified however if you intend to use FIPS 140-2 Level 3 you can use HSM to meet more stringent compliance standard and regulations.

Please refer to this blog # https://aws.amazon.com/blogs/security/architecting-for-database-encryption-on-aws/ which has very detailed explanations and options you can use while migrating or building your Databases in AWS.

AWS
SSaxena
con risposta un anno fa
profile pictureAWS
ESPERTO
verificato un anno fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande