MySQL is probably the most popular open source database. While there is a wealth of discussion online for MySQL database encryption,doing it right in a cloud computing environment is tricky.
The discussion here is quite long, and contains a lot of interesting details. So if you want a spoiler: it is possible to achieve true confidentiality for your MySQL database today; using the industry best practice which is split-key encryption.
Cloud encryption for MySQL – Setting your goals
Before talking tech, it’s actually essential to understand what your goals are, and then how they relate to the technical solution for your MySQL database. Sometimes it is hard to get transparency when it comes to what goals are achievable with different techniques.
The classic goals of any information security solution are “CIA”, meaning
Looks old school, right? Here is a subtle point, specific to Cloud Computing: people tend to confuse the Confidentiality goal with
No Data Remanence: confidential data does not remain on a disk (in the cloud) after the disk is used
No Data Remanence is a great goal to have, but it is a subset of confidentiality; it’s easier to implement in the cloud, which is why it is perhaps oversold, but it gets you much less.
On the pro side, No Data Remanence does mean that if a cloud provider employee innocently loses your disk during maintenance, no harm is done. On the con side, it does not mean protection from hackers or malicious insiders trying to access your live data storage. For an independent view on this important issue, see “How to Tell If Your Cloud Provider Can Read Your Data”.
The bottom line: the majority of people considering a MySQL encryption solution in the cloud need full confidentiality, not just a data remanence solution. Only full confidentiality will make you compliant with HIPAA, PCI, SOX, SOC2, EU Data Protection Directives and other standards. Only full confidentiality will protect business and personal data. This point will become clearer as we discuss the techniques for cloud encryption and cloud key management available today.
MySQL and Cloud Encryption
There are several ways to encrypt MySQL databases in the cloud. We’ll discuss three; the first two target the storage “underneath” the MySQL database, while the third relies on the capabilities of the MySQL database itself.
How to compare these techniques? All of them allow you to use standard, well tested encryption techniques, such as AES. They differ as follows.
MySQL and Cloud Key Management
The entire industry accepts that Cloud Key Management is critical to the quality of security and encryption in the cloud. The question becomes “who do I trust?” Who can a cloud customer trust with the encryption keys?
One option is to store the keys in the cloud, either on the same cloud infrastructure you use for your data, or with a dedicated key management vendor. As noted by independent security analysts, you trust that the chosen vendor would keep your keys safe and won’t read your data. But recent security incidents highlight the obvious – security providers are themselves exposed to attacks. Recent examples include the VeriSign hack, and the RSA hack.
This discussion really goes to the heart of the Confidentiality issue we raised above. If you are satisfied with No Data Remanence, you can trust cloud providers or security providers. If you need confidentiality or compliance, you simply cannot. Bottom line: never trust anyone with your encryption keys!
An alternative to trusting a provider with your encryption keys is to store the keys back at the enterprise. That approach is tough for many MySQL users; the open source community thrives on its flexibility. Many users of MySQL in the cloud want a pure cloud model, without being tied down to a specific hardware configuration. A physical server deployment – back in the data center – results in an expensive solution in terms of software licenses, operational overhead, and the loss of important cloud advantages (such as scalability and elasticity).
Ideally, you need a solution that works 100% in the cloud, works with the major Cloud Encryption approaches noted above (an API is essential for supporting #3), has low management overhead, and yet leaves control in your hands.
Best practice is split-key encryption. The technique works in the cloud, yet gives you a “master key” which provides true control (that master key is your half of the “split” key). The result is – you trust no one. As noted by independent cloud experts, by protecting the keys to the kingdom using split-key encryption you can effectively eliminate the concern that keys cannot be secured adequately.
You should also make sure to use an implementation of split-key encryption that enables all the major Cloud Encryption approaches. The implementation you choose should
Achieving confidentiality for MySQL implementations in the cloud is possible today.