Server General KMS for MySQL

A Key Management Service for MySQL TDE customers

Overview

In 2016 Oracle added Transparent Data Encryption (TDE) feature to the MySQL server. With this new functionality in hand database administrators can now encrypt sensitive information stored in their MySQL database servers to ensure privacy and prevent data breaches. Moreover, the functionality is available for free in the MySQL Community edition. However, both the Community and the Enterprise edition lack proper key management. Oracle recommends the use of Oracle Key Vault (or any other KMIP compliant key locker) for managing MySQL master encryption keys. The cost of such a solution can run into tens of thousands of dollars - a small fortune for many small to medium sized businesses.

What is Server General KMS for MySQL?

Server General KMS for MySQL is a key management service for MySQL customers who want to use the TDE functionality but are not ready to take on the arduous task of building and managing an expensive key management system of their own. The service allows customers to offload their key management responsibilities to us. We have a global key management infrastructure that is managed by our security experts on 24x7x365 basis. We ensure that the encryption keys are stored securely and are available to authorized individuals when needed. Our key management procedures are designed to meet or exceed data compliance requirements of various regulations including that of the HIPAA/HITECH Act.
It usually takes less than 30 minutes to install and configure our service. The service is geared towards small to medium sized businesses.


key management

Server General KMS for MySQL addresses the following technical challenges:

Where to store the MySQL master encryption key?

The MySQL manual says: “Warning - The InnoDB tablespace encryption feature in non-enterprise editions of MySQL uses the keyring_file plugin for encryption key management, which is not intended as a regulatory compliance solution. Security standards such as PCI, FIPS, and others require use of key management systems to secure, manage, and protect encryption keys in key vaults or hardware security modules (HSMs).“

The above statement raises serious concerns for businesses that are using the MySQL TDE functionality without a proper key management solution. Additionally, it’s not sufficient to store the encryption keys at a safe place but to also make sure that they are available when needed to authorized key administrators and that every such access to the key vault generates an immutable log entry.

How to protect the MySQL encryption against a malicious ‘root’ user?

The MySQL server requires the encryption key to be available in cleartext when the server is restarted. Unauthorized ‘root’ or privileged insider can access the key during reboots. With the encryption key in hand such malicious users can read ePHI files directly. This technique can be used by untrustworthy ‘root’ user, or by an attacker who has gained the ‘root’ access to the server. It remains a hard problem to solve as most operating systems give unfettered access to the ‘root’ user.

How to protect the redo log, undo log and binary log files?

MySQL TDE provides no protection to ePHI stored in redo log, undo log and binary log files. Once an attacker is able to successfully compromise the server at OS layer they can easily read ePHI stored in these log files.

Do you want protect your data?

The Server General KMS can help achieve compliance with:

HIPAA/HITECH Act
PCI DSS Mandates
GDPR
FISMA
GLBA