Abstract: There is a mortal enemy of data leakage, called fully secret state!
This article is shared from Huawei Cloud Community " Afraid of Data Leakage These Years? Full Secret State Database: It Doesn't Matter, I Will Shot ", Author: GaussDB Database.
What the hell is a full-secret database that hangs in the sky?
I can't hide it anymore, this fully encrypted database is really on the top!
There is a mortal enemy of data leakage, called full confidentiality!
Data is sold for a price
Unexpectedly received a scam call
Enterprise data breaches make people panic
......
on the surface
Appears to be a leak of personal data information
Further study
In fact, companies that hold personal data information
There are more and more risks such as data leakage and data tampering
As the core carrier of data
How to provide security for the database ?
This requires a technology that supports end-to-end encryption of data
We call it: fully secreted state
In February of this year , the China Information and Communication Academy has joined forces with Huawei and other companies
Jointly formulated and released the industry's first fully encrypted database product standard
Standards include full-cycle database encryption and encryption data processing
Encryption algorithm and key management, database basic capabilities four major capability domains
A total of 30 test items
Some people ask, what does the full secret state technology do?
In fact, decomposing the information system security level into
can be classified into three points
And the full dense state points to the " C " in it
That is, in the whole process of data flow
How to achieve complete confidentiality of data
Thereby avoiding the risk of data leakage and data tampering
Sounds great, what's the logic behind it?
First, a piece of data goes through
Collection, transmission, storage, processing, exchange, destruction
Such a complete process
There are many links, and the probability of data being obtained maliciously is also high
fully secret database
In addition to the function of the database
Data can also be encrypted for additional protection
The user owns the data encryption and decryption key
The encryption and decryption process is only completed on the client side
Other query operations are done on the server side
Because the data is locked directly from the source
Therefore, the data exists in the form of ciphertext throughout the process
No matter how many links there are, don’t be afraid!
so
Regardless of the link, the attacker can only hit a wall
The problems of information leakage and data tampering are all solved
Security of user privacy and data life cycle
nature is no problem
For businesses and users
This is undoubtedly the savior of data privacy security risks!
First, users trust get √
Fully encrypted state makes the whole process of data highly secure
Because the client owns the encryption key
It is also easier for enterprises to gain the trust of users
Secondly, personal privacy protection laws and regulations get √
If there is no fully encrypted state, it must be encrypted at the application layer
Enterprises need to do a lot of application transformation
Moreover, data cannot be queried and processed directly after encryption
The database can only do simple storage
When querying and processing data
The data can only be taken out from the database and then decrypted for use, tired!
With the fully encrypted state, the data is directly encrypted and protected
Enterprises abide by personal privacy protection laws and regulations, worry-free
Users are also more at ease
Again, cross-regional data trusted flow get √
Many projects need to run across regions and enterprises
For example, east and west
Data storage and results are in different regions
The full secret state is equivalent to adding a protective cover with a password from the source
Trusted and free flow of data across enterprises and regions is no longer a problem
The full secret state is so capable, which one is better in China?
This has to mention the Huawei Cloud GaussDB database
A few days ago, HUAWEI CLOUD GaussDB was 100% fully completed
China Academy of Information and Communications Technology's first batch of "full secret database" product capability evaluation
Why does GaussDB lead the industry?
It must be strong technical strength!
20 years + investment, 1000+ talent investment is not a bragging
I heard that Huawei's database team will increase to more than 2,000 people this year!
Difficulty 1: How to make users completely insensitive to use?
Do you still need to modify the original SQL statement and data type?
The way GaussDB handles it is
Grammar can be parsed automatically
And the syntax parsing work is built into the client driver
Not only does the user feel indifferent, but also saves effort
Difficulty 2: How to get rid of the dependence on encryption hardware?
Can it be achieved only by pure software?
The answer is: yes!
GaussDB supports pure soft solutions
The whole process is stored in ciphertext
And through mathematical algorithm
Query and operate directly in the ciphertext space
It can be called the high-precision technology in the security field!
Definitely yyds !
Difficulty 3: How to make the performance loss in the fully secret state controllable?
Everyone knows that encryption and decryption will inevitably lead to performance loss
GaussDB combines hardware and software
Mathematical algorithms can be queried directly in the form of ciphertext
Without the need to pass the encryption and decryption process in a trusted hardware environment
This greatly reduces the performance loss of hardware IO and additional encryption and decryption
One word, absolutely!
Of course, just talk without practicing fake moves
It's a mule or a horse, you have to pull it out for a walk
Recently, Huawei announced the realization of the research and development of the self-innovated MetaERP system
Complete the replacement of the old ERP system
This tough battle
It is the most extensive and complex project in Huawei's history
Among them, GaussDB full secret state technology is very important
supporting Huawei
Business in 170+ countries, serving the world's top 500 companies with a population of 3 billion
Ciphertext query and calculation of all core accounting top-secret data
Built a data security protection wall
Avoid data leakage from all aspects
In short, fully secret technology
It's like putting a strong lock on user data from top to bottom
Only the user has the key to unlock
In this way, the threat of data security will no longer be "soaring"!
Click to follow and learn about Huawei Cloud's fresh technologies for the first time~