Protegrity awarded patent on advanced encryption key rotation method
Protegrity has been awarded a patent for a powerful new way to secure databases, enabling enterprises to comply with data protection regulations and security best practices with no impact on essential business processes.
United States Patent 7,490,248, developed by Ulf T. Mattsson, delivers a continuous process for rotating encryption keys in relational databases, ensuring that initial encryption, real-time updates and on-demand key changes will occur according to an enterprise’s specifications and without having to take mission-critical business systems offline.
Unless an organization establishes a systematic approach to generate, rotate and store its keys, its encryption activities will be largely futile. Unfortunately, while data encryption itself can be reasonably easy to achieve, efficient management of encryption keys across their lifecycle continues to be a problem for many enterprises. A poorly implemented rotation process can create new data security vulnerabilities and may make critical data inaccessible even to authorized users.
Protegrity’s patented solution enables the process to be fully automated by way of metadata associated with each key’s ciphertext. It supports either re-encrypting all historical data with the new key or leaving historical data encrypted with previous keys untouched.
Encrypted items are assigned key life values which define the time period in which a key is valid. When the value expires, the key is rotated and either all associated data is automatically re-encrypted or any new data is automatically encrypted going forward, using the new key value.
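The following is an added illustration of the scheme described above, not Protegrity's implementation or the patented method: each ciphertext carries the id of the key that produced it, a key life triggers rotation, and historical rows are either re-encrypted or left under their old key. The names `KeyRing`, `rotate_table` and `stream_xor`, the key life measured in seconds and the stand-in keystream cipher are assumptions of this example.

```python
import hashlib
import os

def stream_xor(key, nonce, data):
    """Stand-in cipher (SHA-256 counter keystream) so this runs on the standard
    library alone; production code would use an AEAD such as AES-GCM."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class KeyRing:
    def __init__(self, key_life):
        self.key_life = key_life   # seconds a key stays current (assumed unit)
        self.keys = {}             # key_id -> (key bytes, creation time)
        self.current = 0           # 0 means no key issued yet

    def rotate_if_expired(self, now):
        """Issue a new current key once the key life has elapsed."""
        if self.current and now - self.keys[self.current][1] < self.key_life:
            return False
        self.current += 1
        self.keys[self.current] = (os.urandom(32), now)
        return True

    def encrypt(self, plaintext, now):
        self.rotate_if_expired(now)
        nonce = os.urandom(16)
        key = self.keys[self.current][0]
        # The key id travels with the ciphertext as metadata.
        return (self.current, nonce, stream_xor(key, nonce, plaintext))

    def decrypt(self, cell):
        key_id, nonce, ciphertext = cell
        return stream_xor(self.keys[key_id][0], nonce, ciphertext)

    def retire_unused(self, rows):
        """Delete only keys that no stored ciphertext still references."""
        in_use = {cell[0] for cell in rows.values()} | {self.current}
        retired = sorted(k for k in self.keys if k not in in_use)
        for k in retired:
            del self.keys[k]
        return retired

def rotate_table(ring, rows, now, reencrypt_history):
    """Rotate on expiry; optionally re-encrypt every older row in place."""
    if ring.rotate_if_expired(now) and reencrypt_history:
        for pk, cell in list(rows.items()):
            if cell[0] != ring.current:
                rows[pk] = ring.encrypt(ring.decrypt(cell), now)
    return ring.current
```

`retire_unused` refuses to drop a key that any row still references, which is the guard against the failure mode noted earlier where a rotation leaves data inaccessible to authorized users.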
Annual rotation of encryption keys is required by data security regulations such as PCI DSS, while security best practices indicate that rotation should be performed far more frequently. (The PCI Security Standards Council has indicated more frequent rotations will be required in a soon-to-be-released revision of the standard.)