Filling the Cybersecurity Gap for Database Security

Database encryption has long been viewed as redundant protection only needed in cases where firewalls, identity authentication and all other security measures fail. However, the abundance of general and industry-specific regulations regarding safeguarding sensitive data means encryption may be what spares organizations from heavy fines, lost business and shattered reputations in the event of a breach. The frequency and severity of breaches are soaring, increasing the need for stronger security. Despite this, many organizations resist database encryption technology due to perceived implementation difficulty. A compromised database has the potential to reveal sensitive personal or proprietary information, harm the confidence in an organization, and leave the impacted business open to severe financial penalties and civil suits. Far-reaching data privacy controls like the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) increase the fines and liabilities for organizations entrusted with safeguarding personal information of covered residents. Industry-specific regulations like in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS) and the Federal Information Security Modernization Act (FISMA) outline controls for concerned institutions tasked with protecting data, and steps they must take when they fail to do so. The best practice to comply with each, whether explicitly mandated or vaguely suggested, is to deploy strong, future-ready encryption. Prevalent block cipher modes of operation (e.g., AES) are far more resistant to attacks from advanced computer power that asymmetric cryptosystems providing their key lengths exceed the practical brute force capabilities of an attacker. A database encrypted with AES can risk exposing part or all of the material contained should such an attack successfully uncover an encryption key. Developing technologies create many uncertainties when it comes to the efficacy of today’s ciphers. PKMS2 solves with: Strength: The PKMS2 mode of operation provides elevated future-ready protection by using multiple symmetric algorithms to form compounded layers of encryption. The resulting key length, starting at 387 bits, is longer that of its constituent ciphers. Integrity: PKMS2’s use of various algorithms in an encryption deployment provides fallback security should one be compromised. Confidentiality: PKMS2’s mode of operation is provably resistant to side-channel, message recovery and brute force attacks. Adaptability: PKMS2 is platform agnostic for universal deployment. It is a swappable API replacement for the AES library. Reinforcement: A database backup encrypted with PKMS2 can help organizations quickly recover from ransomware attacks. Readiness: PKMS2 can incorporate new quantum-resilient algorithms as they become available to outpace advancing computer technology. Compliance: PKMS2 uses FIPS140-2-compliant AES and delivers a level of encryption beyond the “reasonable security” prescribed in most data privacy controls. A compromised organization may find “safe harbor” from damaging breach reporting protocols if leaked data is encrypted with PKMS2. PKMS2® and your Business

• Patented method for combining encryption algorithms
• Encryption strength increases to (387-bit to 512-bit)
• Choice of 2 to 8 trusted algorithms, including (AES)
• Swappable API replacement for (AES) library
• Fully compliant for any industry
• Platform agnostic integration