Weitere ähnliche Inhalte Ähnlich wie MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements (20) Mehr von Olivier DASINI (7) Kürzlich hochgeladen (20) MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements1. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. |
MySQL & GDPR
Privacy and Security requirements
Olivier Dasini
MySQL Principal Solutions Architect EMEA
olivier.dasini@oracle.com
Twitter : @freshdaz
Blog : http://dasini.net/blog
2. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. |
Safe Harbor Statement
The following is intended to outline our general product direction. It is
intended for information purposes only, and may not be incorporated
into any contract. It is not a commitment to deliver any material, code,
or functionality, and should not be relied upon in making purchasing
decisions. The development, release, and timing of any features or
functionality described for Oracle’s products remains at the sole
discretion of Oracle.
2
3. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. |
Me, Myself & I
➢
MySQL Geek
✔ Addicted to MySQL for 15+ years!
✔ Playing with databases for 20+ years
➢
MySQL Writer, Blogger and Speaker
✔ Also former : DBA, Consultant, Architect, Trainer, ...
➢
MySQL Principal Solutions Architect EMEA at Oracle
➢
Stay tuned! :
✔ Twitter : @freshdaz
✔ Blog : http://dasini.net/blog
3
Olivier DASINI
4. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
89%
of Organizations Experienced Data
Breaches, According to New Ponemon
Report
Source: Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data,
conducted by Ponemon Institute
4
66%
of the largest businesses in the UK have
suffered a cyberattack or data breach
within the past twelve months
Source: UK government's Cyber Security Breaches Survey 2016
25%
experience a repeated breach at least one
a month
Source: UK government's Cyber Security Breaches Survey 2016
5. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
Mega Breaches
429 Million identities
exposed in 2015.
75%
Web sites with vulnerabilities.
15% of all websites had a
critical vulnerability.
9
In 2015, a record of nine
mega-breaches were
reported.
One worlds largest 191M.
(Mega-breach = more than 10 million
records.)
Mobile Vulnerabilities on
the rise – up 214%
Infection by SQL Injection
still strong.
Malware attacks on
databases
5
Source: Internet Security Threat Report 2016, Symantec
6. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
Cost of Data Breaches
6
Source: Ponemon Institue, 2018
$0
$1,000,000
$2,000,000
$3,000,000
$4,000,000
$5,000,000
$6,000,000
$7,000,000
$1,900,000
$2,800,000
$4,600,000
$6,300,000
Small to Medium Breaches
Records
20 Million 30 Million 40 Million 50 Million
$0
$50,000,000
$100,000,000
$150,000,000
$200,000,000
$250,000,000
$300,000,000
$350,000,000
$400,000,000
$199,830,000
$279,310,000
$325,270,000
$350,440,000
Mega Breaches
Records
7. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
• Poor Configurations
– Set controls and change default
setting
• Over Privileged Accounts
– Privilege Policies
• Weak Access Control
– Dedicated Administrative Accounts
• Weak Authentication
– Strong Password Enforcement
• Weak Auditing
– Compliance & Audit Policies
• Lack of Encryption
– Data, Backup, & Network Encryption
• Proper Credential & Key Management
– Use mysql_config_editor , Key Vaults
• Unsecured Backups
– Encrypted Backups
• No Monitoring
– Security Monitoring, Users, Objects
• Poorly Coded Applications
– Database Firewall
Database Vulnerabilities
7
8. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
Database Attacks
• SQL Injection
– Prevention: DB Firewall, White List, Input Validation
• Buffer Overflow
– Prevention: Frequently apply Database Software updates, DB Firewall, White List, Input Validation
• Insider Abuse
– Prevention: Tight Access Controls, User specific authentication, Auditing, Monitoring, Encryption
• Brute Force Attack
– Prevention: lock out accounts after a defined number of incorrect attempts.
• Network Eavesdropping
– Prevention: Require SSL/TLS for all Connections and Transport
• Malware
– Prevention: Tight Access Controls, Limited Network IP access, Change default settings, Encryption
8
9. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
Complexity grows, Risk Grows
9
10. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
MySQL Security Improvements
• Test/Demo database has been removed
– Now in separate packages
• Anonymous account creation is removed.
• Creation of single root account – local host
only
• Default installation ensures encrypted
communication by default
– Automatic generation of SSL/RSA Certs/Keys
• For EE : At server startup if options Certs/Keys were not set
• For CE : Through new mysql_ssl_rsa_setup utility
• Automatic detection of SSL Certs/Keys
10
• Client attempts secure TLS connection by
default
• Compile time restriction over location used
for data import/export operations
• Ensures location has restricted access
• Only mysql user and group
• Supports disabling data import/export
• Set secure-file-priv to empty string
MySQL Installer for Windows includes various Security Setup and Hardening Steps
11. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
• Improving MySQL Access Controls
• Easier to manage user and applications rights
• As standards compliant as practically possible
• Multiple default roles
• Export the role graph in GraphML
– Visualize with ROLES_GRPHML()
11
Directly
Indirectly
Set Role(s)
Default Role(s)
Set of
ACLS
Set of
ACLS
SQL Roles
12. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
Password Features
• Password history - provides DBAs more password management
– Require new passwords not reuse old ones - By number of changes and/or time.
– Establish password-reuse policy globally as well as on a per-account basis.
• SHA2 with Caching
– Strong and Fast
– Strong - SHA-256 password hashing (many rounds, seeds, …)
– Fast - Caching
• Greatly reduces latency
– https://mysqlserverteam.com/upgrading-to-mysql-8-0-default-authentication-plugin-considerations/
• Supports for more connection protocols
• Seamless RSA password-exchange capabilities (No linking OpenSSL)
12
13. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
Password Features
• New! Current password required for SET PASSWORD (8.0.13+)
– Enhances the security by authorizing the users to change their password only if they could provide the
current password
– The new behavior is controlled by password_require_current column in the mysql.user table for
every user
– https://dev.mysql.com/worklog/task/?id=11544
13
14. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
8.0: File and Tablespace Encryption
• AES 256 encryption of UNDO and REDO Logs
• Super Simple to manage - Set
– innodb_undo_log_encrypt=ON/OFF
– innodb_redo_log_encrypt=ON/OFF
• And
– ON - Pages written after setting are encrypted
– OFF - Pages written after setting are not
14
• New! Support Transparent Data Encryption for Shared Tablespaces (8.0.13+)
– Extends tablespace encryption to general/shared tablespsces
– Encryption ON/OFF can be specified either at create time or later with the SQL Syntax
●
CREATE/ALTER TABLESPACE my_tablespace ENCRYPTION='Y'/'N'; (default is unencrypted)
• Encryption is handled at the tablespace level, so either all or non of the tables in the tablespace is
encrypted
• https://dev.mysql.com/worklog/task/?id=9286
15. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
Regulatory Compliance
• Regulations
– PCI – DSS: Payment Card Data
– HIPAA: Privacy of Health Data
– Sarbanes Oxley, GLBA, The USA Patriot Act:
Financial Data, NPI "personally identifiable financial information"
– FERPA – Student Data
– General Data Protection Regulation: Protection of Personal Data (GDPR)
– Data Protection Act (UK): Protection of Personal Data
• Requirements
– Continuous Monitoring (Users, Schema, Backups, etc)
– Data Protection (Encryption, Privilege Management, etc.)
– Data Retention (Backups, User Activity, etc.)
– Data Auditing (User activity, etc.)
15
16. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
Introduction
16
https://ec.europa.eu/info/law/law-topic/data-protection_en
17. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
Appropriate Security Controls
Data must be processed with controls that provide
“Privacy by design, appropriate security & confidentiality“
– Recitals of note - R74-78, R81, R83, R87, R90, A5, A24-25, A28, A32, A35)
• Exact security controls are not specified in the GDPR
– WHAT to do
– Not HOW to do it
17
18. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
EU General Data Protection Regulation (GDPR)
• Data privacy as a fundamental right
• Defines Data protection responsibilities, baselines, principles
• Provides Enforcement Powers
Focus is on 3 Areas (but common them for Regulations)
• Assessment – Processes, Profiles, Data Sensitivity, Risks
• Prevention – Encryption, Anonymization, Access Controls, Separation of Duties
• Detection – Auditing, Activity monitoring, Alerting, Reporting
18
19. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
GDPR and MySQL
• We can’t be entirely prescriptive
• We have many things that can be applied towards attaining compliance
– Products
– Features
– Best Practices
– Documents
– Integrations
19
20. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. | 20
MySQL Security Overview
Authentication
Authorization
Encryption
Firewall
MySQL Security
Auditing
Masking/De-Identification
21. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
Assess Security Risks
21
Discover
Personal
Data
Scan
Security
Configuration
Privilege
Analysis
22. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
Assess - MySQL Enterprise Features and GDPR
• Assess Risks (Articles 35, 90, 91)
– MySQL EnterpriseMySQL Enterprise MonitorMonitor
• Account assessment and reporting
• Identifies Security Vulnerabilities – discover security holes, advises remediating actions
– Advisors provide rules designed to enforce security best practices and alert upon discovering vulnerabilities
– MySQL EnterpriseMySQL Enterprise WorkbenchWorkbench
• Discover tables and columns containing “Personal Data”
• Data Modeling tool - Reverse Engineering of Data Model to review data stored in the database
• Schema Inspector, Table Inspectors – for schema assessment, grant inspection
– MySQL Security Best Practices Guidelines
• https://dev.mysql.com/doc/mysql-security-excerpt/8.0/en/
• https://dev.mysql.com/doc/mysql-secure-deployment-guide/8.0/en/
22
23. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
MySQL Enterprise Monitor
• Enforce MySQL Security Best Practices
– Identifies Vulnerabilities
– Assesses current setup against security
hardening policies
• Monitoring & Alerting
– User Monitoring
– Password Monitoring
– Schema Change Monitoring
– Backup Monitoring
– Configuration Management
– Configuration Tuning Advice
• Centralized User Management
23
"I definitely recommend the MySQL Enterprise Monitor to DBAs
who don't have a ton of MySQL experience. It makes monitoring
MySQL security, performance and availability very easy to
understand and to act on.”
Sandi Barr
Sr. Software Engineer
Schneider Electric
24. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
• Administrative Privileges
• Database Privileges
• Session Limits and Object Privileges
• User privileges
– Creating, altering and deleting databases
– Creating, altering and deleting tables
– Execute INSERT, SELECT, UPDATE, DELETE queries
– Create, execute, or delete stored procedures and with what rights
– Create or delete indexes
24
Security Privilege Management in MySQL Workbench
MySQL Enterprise Monitor
Assess MySQL Authorization
25. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
Assess your data and data model using MySQL Workbench
25
26. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
Prevent - MySQL Enterprise Features and GDPR
• Prevent Attacks (Articles 32, 83, 28, 26, 5, 20, 27, 30, 64)
– MySQL Enterprise Security – Encrypt Data-at-rest using Transparent Data EncryptionTransparent Data Encryption
• Includes Key Management; Protects Tablespace via Encryption, Keys via Key Manager/Vault integration
– MySQL Enterprise Security – Masking and De-identificationMasking and De-identification
• Pseudonymize sensitive information (e.g. customers, billing…)
• Anonymize Personal Data before processing for development and testing
– MySQL Enterprise Security – FirewallFirewall
• MySQL Firewall Statement/User/IP Whitelists, Rules
– MySQL Enterprise Security – AuthenticationAuthentication
• Centralized Authentication Infrastructure
– DBA configurable IP whitelisting, Connection Limits, …
• Via server level and via per Account IP/Hostname Controls, Account resource limits, ...
– In transit data encryptionencryption
• Full support for TLS 1.2 - X509, Certificate Authorities, Exclude Lists, etc.
– Granular access controlsaccess controls
• Table Grants, Database Views, Stored Procedures, Functions
26
27. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
MySQL Database
Encrypted
Tablespace Files
Undo/Redo logs
Shared Tablespaces
Protected
Key
Hacker /
Dishonest OS User
Accesses
Files Directly
Information
Access Blocked
By Encryption
MySQL Transparent Data Encryption
Keyring plugin - used to retrieve
keys from Key Stores over
Standardized KMIP protocol
Protects against Attacks on Database Files
27
28. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
What is Transparent Data Encryption?
• Data at Rest Encryption
– General/Shared Tablespaces, Redo & Undo logs, Disks, Storage, OS File system
• Strong Encryption – AES 256
• Keep it simple to manage – Complexity is the enemy of security
– One master key for the whole instance
– Easy, flexible to manage encrypted tablespaces (support tablespace export/import)
• Transparent to applications and users
– No application code, schema or data type changes
• Transparent to DBAs
– Keys are hidden from DBAs, no configuration changes
• High Performance / Low Overhead
– Simple Key Rotation without massive decryption/encryption costs
• Requires Key Management
– Protection (most important thing), rotation, storage, recovery
28
29. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
• KMIP – Key Management Interoperability
Protocol (Oasis Standard)
– Keys are protected and secure
• KMIP mode tested with the following products
– Oracle Key Vault (OKV)
– Gemalto Safenet KeySecure
– Fornetix Key Orchestration Appliance
– Thales Vormetric Key Manager
• Enables customers to meet regulatory
requirements
• Additional Options
– Key Ring File
– Encrypted Key Ring File
Also
– Cloud Key Services (AWS)
• https://dev.mysql.com/doc/refman/8.0/en/keyring.html
MySQL Enterprise Transparent Data Encryption
KMIP Compliant
29
30. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
MySQL Enterprise Firewall: Overview
30
Inbound
SQL Traffic
Web
Applications
SQL Injection Attack
Via Brower
ALLOW
BLOCK
DETECT
11
22
33
Instance
MySQL Enterprise FirewallInternet
31. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
MySQL Enterprise Firewall: Operating Modes
31
ALLOW
IN Whitelist
PASSES Rule
Blocks SQL Attacks
Allows “Matching” SQL
Table
Table
Table
BLOCK
NOT IN Whitelist
FAILS Rule
BLOCK and ALERT
DETECT (IDS)
NOT In Whitelist
ALLOW and ALERT
Table
Table
Table
ALLOW – Execute SQL
- SQL Matches Whitelist
- SQL Passes Rule
BLOCK – Block the request
- Not in Whitelist
- SQL FAILs Rule
- In Block Mode
DETECT – Execute SQL & Alert
- Not in Whitelist
- SQL FAILs Rule
- In Alert Mode
11
22
33
Table
Table
Table
Allows SQL & Alerts
32. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
MySQL Enterprise Firewall
• Real Time Protection
– Queries checked against White List and Custom Rules
• Blocks SQL Injection Attacks
– Block Out of Policy Transactions
• Intrusion Detection
– Detect and Alert on Out of Policy Transactions
• Automated White List
– Learning mode for creation of approved list of SQL command patterns on a per user basis
• Custom Rules using JSON definition
• Transparent
– No changes to application required
MySQL Enterprise Firewall monitoring
32
33. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
MySQL Enterprise Masking & De-Identification
33
De-identify, Anonymize Sensitive Data
34. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
MySQL Enterprise Masking & De-Identification
34
• Data Masking
– String masking
– Dictionary based replacement
– Specific masking
●
SSN
●
Payment card : Strict/Relaxed
Data Masking and Random Data Generation
• Random Data Generator
– Random number within a range
– Email
– Payment card (Luhn check
compliant)
– SSN
– Dictionary based generation
35. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
• String data masking
– Mask a substring within a string : ArthXXXXnt
– Mask substrings at the beginning and at the end :
• XXthurDeXX
• SSN masking : XXXX-XX-1234
• Payment Card masking
– Strict: XXXXXXXXXXXXXXX7395, Relaxed: 493812XXXXXXXXX7395
• Dictionary based masking
– gen_blacklist(“007”, “00designations”, “Cover_identity”) => Universal Exports
35
Data Masking
MySQL Enterprise Masking & De-Identification
36. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
• Random data within range
– gen_rnd(10000, 20000) => 12503
• Email : kajsm.hamskdk@example.com
• Payment card : 7389026626032990
– Configurable length : 12 to 19 digits
• SSN : 915-63-3858
• US Phone number : 1-555-3456-332
36
Random Data Generation
MySQL Enterprise Masking & De-Identification
37. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
• Load multiple dictionaries
– Maps dictionary file => dictionary name
– In memory data for faster retrieval
• Generation based on dictionary data
– gen_dictionary(“periodictable”) => Oxygen
– If 007 on the blacklist then substitute otherwise provide random value
• Blacklisted – 007 – thus randomly substituted from Jobs Dictionary
– gen_blacklist(“007”, “Job_mask", “Jobs") => “Accountant”
• Not blacklisted – Administrator – thus passes through
– gen_blacklist(“Administrator”, “Job_mask", “Jobs") => “Administrator”
37
Dictionary based data generation, data blacklists
MySQL Enterprise Masking & De-Identification
38. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
MySQL Enterprise Authentication
38
Integrates MySQL with existing
security infrastructures
Integrates MySQL with existing
security infrastructures
• Integrate with Centralized Authentication Infrastructure
– Centralized Account Management
– Password Policy Management
– Groups & Roles
• PAM (Pluggable Authentication Modules)
– Native LDAP
• Access native LDAP service for authentication
– Windows
• Access native Windows service - Use to Authenticate users using Windows Active Directory or to a
native host
– Linux PAM Standard interface (Unix, LDAP, Kerberos, others)
39. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
Detect - MySQL Enterprise Features and GDPR – 1 of 2
• Detect (Articles 30, 82, 33)
– MySQL Enterprise Security – AuditAudit
• Policy-based auditing solution – gather audit log of activity
• Use to spot database misuse
• Use to prove compliance to GDPR
– MySQL Enterprise Security – FirewallFirewall
• Real-time protection against database specific attacks
• Use to alert and/or block nefarious activity – such as personal data leakage
39
40. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
MySQL Enterprise Audit
40
• Out-of-the-box logging of connections, logins, and query
• Simple to fine grained policies for filtering, and log rotation
• Dynamically enabled, disabled: no server restart
• Various options for the Audit Logs
– XML-based audit stream
– JSON
– Compression
– Encryption
– Remote Read Only SQL statement access
• Send data to a remote server / audit data vault
• Oracle Audit Vault, Splunk, etc...
Adds regulatory compliance to
MySQL applications
(GDPR, HIPAA, PCI DSS, etc.)
Adds regulatory compliance to
MySQL applications
(GDPR, HIPAA, PCI DSS, etc.)
41. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
MySQL Enterprise Audit - Work Flow
41
• NEW! JSON
• NEW! SQL Views
42. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
• Starting with MySQL Enterprise 5.7.13
• Allows DBAs to “custom” design audit process
– Use very fine grained rules
• Reduce audit log file size
• Reduce File System IO and Storage / Increases performance (less items logged).
• Increases audit log post processing efficiency – less data to process for
immediate answers.
• Defined using JSON
– Coarse grained rules
• When you need to watch everything
• Obsolete. Recommended is to use new audit log filtering.
MySQL Enterprise Audit Filtering
42
43. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
Detect - MySQL Enterprise Features and GDPR – 2 of 2
–MySQL EnterpriseEnterprise WorkbenchWorkbench
• Security related –
–Inspect Audit Data
–Configure Firewall
–Manage Users
–MySQL EnterpriseEnterprise MonitorMonitor
• Monitor / Alert on Firewall, Audit, Backups and more
• Detect configuration changes
43
44. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
Additional Security Controls – 1 of 3
Hashing, Signing, Encryption Functions
– Symmetric Encryption – AES
– Hashing – SHA-2, SHA-1
– Asymmetric Public Key Encryption (RSA)
– Asymmetric Private Key Decryption (RSA)
– Generate Public/Private Key (RSA, DSA, DH)
– Derive Symmetric Keys from Public and Private Key pairs (DH)
– Digitally Sign Data (RSA, DSA)
– Verify Data Signature (RSA, DSA)
– Validation Data Authenticity (RSA, DSA)
44
45. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
Disaster Recovery - ensure availability of end-user data
• Backup
– MySQL Enterprise Backup
• Full, Incremental, Differential, Partial Online Backups
• Includes encryption (AES 256) & compression
• Support for MySQL TDE
• Point in Time, Full, Partial Recovery options
– Oracle Cloud MySQL database service includes Backup and Recovery
45
Additional Security Controls – 2 of 3
46. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
Disaster Recovery - ensure availability of end-user data
• High Availability
– Various options
• MySQL InnoDB Cluster
– Based on MySQL Master / Master - Group Replication
• Traditional MySQL Replication Topologies
– Asynchronous
– Semi-synchronous
46
Additional Security Controls – 3 of 3
47. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
MySQL Enterprise Edition
• MySQL Enterprise Authentication
– External Authentication Modules
• Microsoft AD, Linux PAMs, Native LDAP
• MySQL Enterprise Encryption
– Public/Private Key Cryptography
– Asymmetric Encryption
– Digital Signatures, Data Validation
• MySQL Enterprise Firewall
– Block SQL Injection Attacks
– Intrusion Detection
• MySQL Enterprise Audit
– User Activity Auditing, Regulatory
Compliance
47
• MySQL Enterprise Monitor
– Changes in Database Configurations, Users
Permissions, Database Schema, Passwords
• MySQL Enterprise Backup
– Securing Backups, AES 256 encryption
• MySQL Enterprise TDE
– AES 256 encryption
– Key Management
• MySQL Enterprise De-Identification
– Data Masking and Obfuscation
– Formatted Data Randomization
– Pseudonymization, Data Blacklists
– Random Data Generation
48. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
Enterprise
Masking & De-Identification
• Masking
• Substitute/Subset
• Random Formatted Data
• Blacklisted Data
48
49. Copyright © 2018 Oracle and/or its affiliates. All rights reserved. |
• MySQL Enterprise Security : https://dev.mysql.com/doc/refman/8.0/en/mysql-enterprise-security.html
• Security in MySQL : https://dev.mysql.com/doc/mysql-security-excerpt/8.0/en/
• MySQL Secure Deployment Guide : https://dev.mysql.com/doc/mysql-secure-deployment-guide/8.0/en/
• MySQL Enterprise Audit : https://www.mysql.com/products/enterprise/audit.html
• MySQL Enterprise Transparent Data Encryption : https://www.mysql.com/products/enterprise/tde.html
• MySQL Enterprise Masking and De-identification : https://www.mysql.com/products/enterprise/masking.html
• MySQL Enterprise Authentication : https://www.mysql.com/products/enterprise/security.html
• MySQL Enterprise Firewall : https://www.mysql.com/products/enterprise/firewall.html
• MySQL Enterprise Backup : https://www.mysql.com/products/enterprise/backup.html
• MySQL Enteprise Monitor : https://www.mysql.com/products/enterprise/monitor.html
• MySQL Enterprise Encryption : https://www.mysql.com/products/enterprise/encryption.html
• Enterprise Encryption Functions : https://dev.mysql.com/doc/refman/8.0/en/enterprise-encryption-function-reference.html
• MySQL Enterprise Workbench : https://www.mysql.com/products/workbench/
49
References
50. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. |
Thank you!