Lecture 7

Question 1

What is database encryption? (!!)

Answer 1

protecting databases by converting plaintext into cyphertext, with only authorized users being able to decrypt it.

Question 2

What are the 3 common types of encryption? (!!)

Answer 2

-Transparent Data Encryption (TDE): encrypts the entire database, even backups.

-Column-Level Encryption: encrypts specific columns.
(ex: credit card column)

-Application-Level Encryption: the application encrypts data before storing it, so that it is encrypted even in transit.

Question 3

What are 3 pros and cons to transparent data encryption? (!!)

Answer 3

Pros:
-Easy to use.
-Low impact on performance.
-Everything is protected.

Cons:
-Inefficient due encrypting everything.
-Losing key will make all data inaccessible.
-Not encrypted end-to-end.

Question 4

What are 3 pros and cons to column-level encryption? (!!)

Answer 4

Pros:
-Different key for each column.

-Efficiency as only sensitive data is protected.

-Compliance.

Cons:
-Lower performance due to decrypting specific columns.

-complexity: applications need to able to handle decryption.

-Key management.

Question 5

What are 3 pros and 2 cons to application-level encryption? (!!)

Answer 5

Pros:
-“end-to-end” encryption.

-Cloud Compatibility.

-Customizable: you can choose what to encrypt.

Cons:
-Performance issues: app will handle the encryption.

-Complexity.

Question 6

What are 3 best practices for database encryption?

Answer 6

-Strong algorithms.

-Regularly change keys.

-Restrict access to keys to mitigate insider threats.

Question 7

What is key management? (!!)

Answer 7

It’s creating, storing, and securing encryption keys to prevent risk to the database.

Question 8

What are hardware security modules (HSMs)?

Answer 8

They are devices that manage and protect encryption keys.

Question 9

What are 2 benefits of using hardware security modules (HSMs)?

Answer 9

-Strong security.
-Compliance.

Question 10

What are cloud key management services? (!!)

Answer 10

They provide scalable key management solutions on the cloud.

Question 11

Name 3 benefits of cloud key management services: (!!)

Answer 11

-Scalability.
-Smooth Integration with other cloud services.
-Lower costs.

Question 12

What are 3 key management best practices? (!!)

Answer 12

-Use dedicated key management tools.

-Restrict access to keys.

-Regularly change keys.

Question 13

What are 2 future trends in database encryption? (!!)

Answer 13

-Post-quantum encryption: protects against quantum computer threats.

-Blockchain-based encryption: decentralized, tamper-proof encryption.

Question 14

Encryption policies should cover 3 things, what are they?

Answer 14

-When and how encryption should be used.
-Who has access to the keys.
-How key management should be handled.