Database backup with encrypting sensitive data
Publication Date: 2014-Apr-29
The IP.com Prior Art Database
The issue with the "traditional" data encryption (masking) is that it has to be done as the extra work by the user, often using separate database backup (nobody wants to modify the production database directly for this purpose and next reverts the previous state). The DBAs usually create the backup of the production database, restore it on the separate machine and encrypt sensitive data. It has to be the similar machine for the binary backup and it is the extra expense for the customer. Some databases contain a tones of data and transfer of unencrypted backup to the destination machine, where the backup using "traditional" mechanisms will be created, is also a huge problem. Definitely it is very time and resources consuming process. It is also the error prone one. Additionally, invoking the encryption statements, the database statistics are updated so it is not the mirror backup of the production database anymore. Business meaning of data can be completely blurred or some problematic data, needed for investigation the issue, can be accidentally fixed (more concerns contains the disclosure text). In such cases backup becomes useless (the support team is not able to reproduce the issue and advice some solution). The last but not least - not every customer is able to create such manual backup itself and they have to request the support team for help. It is complex and generates additional costs for customer hence they stuck with some db issues that maybe are not critical, but can decrease software productivity. Proposed solution, where masking (encrypting) of data is done in one operation together with creating the backup of database, allows to save plenty of time and resources. Such solution would be distributed with some special setup tool that simplifies the entire process. The user would be able to mark data as the sensitive one by selecting the proper checkbox. Some data could be automatically recognized as sensitive. The database statistics (used to calculate the optimal execution plan for queries) are not updated using the considered solution and the business meaning of data is skipped (i.e. the specific values of some fields or having some border cases). Such process is definitely less error prone and allows the customer to create such backup itself or with little help of the support team in order to send it for analysis (for instance to adjust the indexes and db parameters to the current data set). Productivity of such managed software will be improved what is important for each customer.