N/APosted on - 02/09/2015
I am looking for the best encryption for DB2 that will work with very sensitive data. Which one of these would you recommend Transparent Encryption – Table Space – Column Level – or File Level? Is there any other levels that I should consider? Which one would you pick and why?
Best Encryption Options For DB2?
Encryption takes data into a condition or level that anyone cannot be interpreted or understood without access to the password, certificates, or decryption key. TDE or the Transparent Data Encryption is an encryption feature introduced in SQL Server 2008 and later versions. It is used for bulk encryption [data file, backup file, and log file] like for example in the entire database.
Once Transparent Data Encryption is enabled, it encrypts data into pages before writing it to the disk and decrypts when data is read from the disk. The best thing about Transparent Data Encryption is its being completely transparent to your application. It means no application code changes, only administrative change so that it can be enabled for a database.
A tablespace in a database, on the other hand, is a logical group of data files. Normally, there is at least one tablespace in a database and mostly there are 2 or more. The role or function of a tablespace in a database is similar to that of a folder in a computer hard drive.
There are database applications like the Oracle which automatically generate a tablespace called SYSTEM that stores the general information about the contents and structure of the database. The column-level encryption is another method or form of database encryption where the information in each cell or data field in a specific column can be accessed, read, or written using the same password.
Advantages of using column-level encryption include widespread use where the majority of the database administrators are familiar or accustomed to it and the capacity to simultaneously protect columns in databases that are present in different platforms. File-level encryption is one of the other methods of database encryption where individual files are encrypted in blocks or chunks based on the predetermined criteria.