mysql tde_MySQL :: MySQL Enterprise Transparent Data Encryption (TDE)

MySQL Enterprise Transparent Data Encryption (TDE)

MySQL Enterprise Transparent Data Encryption (TDE) protects your critical data by

enabling data-at-rest encryption in the database. It protects the privacy of your information,

prevents data breaches and helps meet regulatory requirements including:

Payment Card Industry Data Security Standard (PCI DSS)

Health Insurance Portability and Accountability Act (HIPAA)

General Data Protection Regulation (GDPR)

California Consumer Protection Act (CCPA)

And more

MySQL Enterprise Transparent Data Encryption (TDE)

Data at Rest Encryption

MySQL Enterprise TDE enables data-at-rest encryption by encrypting the physical

files of the database. Data is encrypted automatically, in real time, prior to writing

to storage and decrypted when read from storage. As a result, hackers and malicious users

are unable to read sensitive data from tablespace files, database backups or disks. MySQL

Enterprise TDE uses industry standard AES algorithms.

Encryption Key Management and Rotation

MySQL Enterprise TDE uses a two-tier encryption key architecture, consisting of a master

encryption key and tablespace keys providing easy key management and rotation. Tablespace keys

are managed automatically over secure protocols while the master encryption key is stored in

a centralized key management solution such as:

Oasis KMIP protocol implementations:

MySQL Enterprise TDE also supports HTTPS based APIs for Key Management such as:

MySQL enforces clear separation of keys from encrypted data using these centralized key

management solutions automate key rotation and storing historical keys.

Transparent Protection

Database table encryption and decryption occurs without any additional coding, data type or schema modifications. Also, users and applications continue to access data transparently, without changes. MySQL Enterprise TDE gives developers and DBAs the flexibility to encrypt/decrypt existing MySQL tables that have not already been encrypted.

High Performance

MySQL Enterprise TDE leverages database caching to achieve high performance and requires zero downtime to implement.