
As a DBA, knowing your encryption ABCs is not just about ticking a box in your security checklist. It's about making informed choices that align with your database's specific needs and vulnerabilities.
Each type of encryption has its strengths, and understanding these can be your secret weapon in fortifying your database. So, buckle up as we decrypt the different types of encryption and why they matter to you.
Understanding different encryption types
Encryption, in simple terms, is like a secret code that keeps your data safe. But not all secret codes are created equal. Here are the main types of encryption and their superpowers:
Symmetric encryption
Symmetric encryption uses the same key for both encryption and decryption. Think of it as a single key that locks and unlocks your treasure chest. Two popular algorithms you may be familiar with are AES (Advanced Encryption Standard) and DES (Data Encryption Standard).
The main strength of symmetric encryption is that it is fast and efficient, making it ideal for encrypting large volumes of data quickly. It is great for scenarios where data doesn’t need to be transmitted over insecure channels. This is why this type of encryption is usually used for encryption at rest. Fujitsu Enterprise Postgres uses AES 256-bit encryption to encrypt data stored on disk.
Asymmetric encryption
Asymmetric encryption involves two keys: a public key for encryption and a private key for decryption. Well-known algorithms include RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography).
The main strength of asymmetric encryption is that it is extremely secure, as the private key never needs to be transmitted or shared. This makes it ideal for encrypting data that needs to be sent over public networks or where secure key exchange is challenging. Asymmetric encryption is used for encryption in transit in Fujitsu Enterprise Postgres due to this strength.
Hash functions
Hash functions convert data into a fixed-size scrambled string of characters, regardless of the data’s original size. They are slightly different to the previously mentioned encryption types because they are one way. Common examples of hash algorithms are SHA (Secure Hash Algorithm) and MD5 (Message-Digest Algorithm 5).
One of their strengths is that they are useful for validating the integrity of data. The output (hash) is unique to the input data: even a tiny change in the data results in a completely different hash. This makes them useful for password storage, ensuring data hasn’t been tampered with, and digital signatures. PostgreSQL and Fujitsu Enterprise Postgres support MD5 password hashing, though this has now been superseded by the Salted Challenge Response Authentication Mechanism (SCRAM), which is much more secure.
Why understanding this matters for a Database Administrator
As a database administrator, you’re not just managing data; you’re also its guardian. Here’s why understanding these encryption types is critical:
- Tailored security strategy
Different data types and scenarios require different encryption methods. Knowing the strengths of each type helps you craft a security strategy that’s as unique as your data.
- Performance considerations
Encryption can impact database performance. Symmetric encryption, being faster, might be more suitable for high-volume transactions, whereas asymmetric encryption could be reserved for sensitive data requiring secure transmission.
- Compliance and standards
Various regulations and industry standards mandate specific encryption types and standards. A thorough understanding helps ensure compliance.
- Data integrity and confidentiality
Using the right encryption type ensures not just confidentiality, but also the integrity of your data.
Conclusion
In the world of database security, encryption is your silent, stalwart hero. Whether it’s symmetric encryption’s speed, asymmetric encryption’s security in open channels, or the integrity assurance of hash functions, each type plays a crucial role. As database administrators, understanding these types not only elevates our security game but also empowers us to make smarter, more informed decisions tailored to our database environments. Stay encrypted, stay secure!
Next in this series
My next article will discuss asset and risk management for DBAs, which are the first 2 activities to align with the National Institute of Standards and Technology's (NIST) Cybersecurity Identify pillar.