Today I want to cover 5 areas.
First I want to briefly relate at a high level the challenges out there. I won’t spend too much time here – but I do think it’s important to understand the whys and whats.
After that I want to give you a high level view of all the solutions we have and how they map together to fill out all the various aspects of security.
Next I go into some of the details behind the MySQL solutions.
And finally look at what’s new and where our focus is, and also hear from you all where your needs lie, to see if we’re headed in the direction you need, etc.
Mega breaches involving millions of compromised records continue to make headlines. For example:
The Equifax breach revealed the names, Social Security numbers, birth dates, and addresses of almost half of the total U.S. population. Around 400,000 U.K. customers were also reportedly affected. Final findings revealed a total of 145.5 million exposed records.
At SingHealth, Singapore’s largest healthcare group, the nonmedical personal data of 1.5 million patients was reportedly accessed, including their national identification number, address, and date of birth as part of the attack. The stolen data also included the outpatient medical data of 160,000 patients.
In March of this year, the athletic wear company Under Armour disclosed that data tied to its fitness app was breached, affecting 150 million user accounts. Users' usernames, email addresses and passwords were affected.
In August of this year, British Airways said that names, addresses, email addresses, and sensitive payment card details from 380,000 transactions were all compromised.
Though people seem to have become desensitized to news of data breaches, protecting user data has become increasingly important as stricter regulations take effect. Companies are no longer just required to announce that their systems have been breached; if they deal with data belonging to European Union (EU) citizens, they must also pay fines that can reach up to 4 percent of their annual turnover under the General Data Protection Regulation (GDPR).
Sources
--------------
https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/data-breach-101
Data breaches continue to be costlier and result in more consumer records being lost or stolen, year after year. In 2017 there were over 1500 data breaches in the United States alone and over 170 million records exposed.
A data breach involving more than one million compromised records is referred to as a mega breach.
A mega breach of 1 million records yields an average total cost of $40 million.
A mega breach of 50 million records yields an average total cost of $350 million.
While we continue to hear about mega breaches, the cost of smaller breaches is also in the millions of dollars.
What contributes to these costs is:
Detection activities such as Forensics & Auditing Services
Notification Costs, including communicating with Regulators
Legal Costs and regulatory fines
Lost business and company reputation
Sources
--------------
https://databreachcalculator.mybluemix.net/assets/2018_Global_Cost_of_a_Data_Breach_Report.pdf
https://www.statista.com/statistics/273550/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed/
So how many in the room are dealing with regulations and guidelines? How many are dealing with multiple? This is just a subset of regulations that your company may need to comply with.
The new kid on the block is GDPR. If you deal with the EU – no matter where your company resides – you need to comply with it.
At a high level you need to:
ASSESS – hopefully pre-production during the design process, but then also continuously check things out to make sure your servers are secure and hardened. The goal – to reduce risks, detect and resolve any vulnerabilities, and make sure controls – like user permissions, password and network access policies, and encryption requirements – are in place.
Be DEFENSIVE – and PREVENT – MySQL has encryption, user controls, access controls, … for this. We’ll go into the details in a minute.
But even if you’ve performed strong Assessment and Prevention – things could still happen – the sooner you spot an issue, a misuse, a hack, the better. For this you need to act like a security guard – DETECT – watch what’s happening with Audit, Monitor for suspect changes, and get Alerted so you know immediately when suspect activity occurs.
Finally – be able to RECOVER – even if the worst happens – say a server gets encrypted and ransomed – or it’s too complex to safely recover the server from an attack – you need a clean server you can bring online and resume critical services. Then you can go back and look through audit data, logs, and other forensics carefully without tainting a server. You can move forward but still preserve evidence if you need to prosecute, etc. You may even need to bring back old backups from archive. Backups have many purposes beyond disaster recovery.
Now MySQL has Roles
So you can assign permissions to roles
And then assign users to roles and even roles to roles.
This also allows you to define default roles – that happen with the connection
OR you can set a role
For example – in general keep permissions at a minimum and only escalate by setting a more powerfully permitted role when needed.
This also makes it far harder for a hacker – as they won’t necessarily know you are using roles etc.
Here you can see how roles are
Created
Granted
How you can use the WITH ADMIN OPTION – to allow others to grant the same role.
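The role workflow described above, written out as an added example for MySQL 8.0 (not taken from the original slides). The schema `appdb`, the role names, the accounts and the passwords are hypothetical.

```sql
-- Create roles and give each one only the privileges it needs.
CREATE ROLE 'app_read', 'app_write', 'app_admin';
GRANT SELECT ON appdb.* TO 'app_read';
GRANT INSERT, UPDATE, DELETE ON appdb.* TO 'app_write';
GRANT ALL ON appdb.* TO 'app_admin';

-- Roles can be granted to roles: app_write now includes app_read.
GRANT 'app_read' TO 'app_write';

-- Grant two roles to a user, but make only the minimal one the default,
-- so it is the only role active when the user connects.
CREATE USER 'alice'@'localhost' IDENTIFIED BY 'Constructed-Passw0rd-1!';
GRANT 'app_read', 'app_admin' TO 'alice'@'localhost';
SET DEFAULT ROLE 'app_read' TO 'alice'@'localhost';

-- In alice's session: start minimal, escalate for one task, then drop back.
SELECT CURRENT_ROLE();
SET ROLE 'app_admin';
-- ... run the administrative statement here ...
SET ROLE DEFAULT;

-- WITH ADMIN OPTION lets bob grant app_read to (and revoke it from) others.
CREATE USER 'bob'@'localhost' IDENTIFIED BY 'Constructed-Passw0rd-2!';
GRANT 'app_read' TO 'bob'@'localhost' WITH ADMIN OPTION;

-- Review what an account can do when a given role is active.
SHOW GRANTS FOR 'alice'@'localhost' USING 'app_admin';
```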
CHHS=University of Maryland Center for Health & Homeland Security
PCI=Payment Card Industry
HIPAA=Health Insurance Portability and Accountability Act
Security is often about manageability. Case in point – users and their accounts.
Often it’s easier to manage the user’s identity in one place.
MySQL supports centralized user repositories with Enterprise Authentication plugins
Users have SSO
Managers can centrally add users to groups
Managers can remove or disable users centrally
You can limit user administration across one to many MySQL instances
You can manage authentication across applications
Audit trails have common user identities for tracking all activity together
Prior to 8.0, many ACL (access control) operations that appeared in a single statement were actually executed in multiple parts.
With the new ACID-based InnoDB data dictionary in 8.0, and with other additional efforts, each statement is atomic – it succeeds or it fails.
This is great news for standalone servers – but also very valuable for cleaner replication and HA.
So statements creating many users, or granting to many users, etc. are atomic now.
New locks within 8.0 were created to preserve this atomic feature for the access control statements.
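An added example (not from the original slides) of what atomic account management looks like in practice on 8.0. The account names and passwords are constructed.

```sql
-- Set-up: one of the two accounts already exists.
CREATE USER 'svc_report'@'localhost' IDENTIFIED BY 'Constructed-Passw0rd-1!';

-- One statement naming two accounts. The second one already exists,
-- so the statement raises an error.
CREATE USER 'svc_etl'@'localhost'    IDENTIFIED BY 'Constructed-Passw0rd-2!',
            'svc_report'@'localhost' IDENTIFIED BY 'Constructed-Passw0rd-3!';

-- Before 8.0 such a statement could take effect for svc_etl and fail for
-- svc_report, leaving a half-applied change on the server and in replication.
-- In 8.0 it rolls back as a whole, so svc_etl is not created either.
SELECT user, host
  FROM mysql.user
 WHERE user IN ('svc_etl', 'svc_report');

-- For provisioning scripts that must be re-runnable, IF NOT EXISTS turns the
-- error for an existing account into a warning and creates the missing one.
CREATE USER IF NOT EXISTS
       'svc_etl'@'localhost'    IDENTIFIED BY 'Constructed-Passw0rd-2!',
       'svc_report'@'localhost' IDENTIFIED BY 'Constructed-Passw0rd-3!';
SHOW WARNINGS;
```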
Within the MySQL Enterprise Edition “Security” we have
TDE – transparent data encryption (I’ll go more into this) – in a nutshell it uses encryption and secured keys to protect your data – with zero change to your applications.
Next we have Authentication – providing integration with external Identity Servers like Microsoft Active Directory, LDAP, and Linux PAMs
In enterprise we provide full access to standard PKI (Public Key, Asymmetric Cryptography) functions for integration across your applications – so you can implement fine grained encryption for very sensitive data.
A firewall to block the bad guys. Although SQL injection is very preventable at the application level – it is extremely difficult to continuously determine if applications are constructed properly. And SQL injection attacks are simple to construct. Firewalls go a long way toward protecting against these attacks.
Audit to watch what’s happening – esp. with sensitive data and tables, esp. with powerful admins and users.
MEM – MySQL Enterprise Monitor – continuous best practice assessment. Spots weak security setup, advises on changes, then monitors to make sure things stay set up securely, and alerts when things need your attention.
Backup – with encryption to make sure your data isn’t stolen via backup image theft, and that you can recover from attacks
And finally Thread pool – to minimize DoS and other attacks attempting to overwhelm MySQL connections.
So – let’s take a visual look at how this is put together from an architectural standpoint.
Now let’s dive down a bit into a few of these security technologies.
Transparent Data Encryption – enforces database security by removing alternative routes to the database outside of a MySQL database Connection.
So this means the files that MySQL uses – data in tables is in tablespaces and is stored in files. Too often these files can be copied and the data accessed – by a powerful OS user on the file system, or by getting to the disk or other storage. Encrypted files with secured keys don’t expose data.
Transparent – in that DATABASE users and DATABASE applications don’t know encryption is going on. No calls to decryption functions, no access to keys, etc.
Additionally – the goal is to minimize who has access to the keys – like the DBA.
Finally – if keys are lost or stolen – the data is lost or stolen. Key management is core to effective encryption. Lose keys, lose data; expose keys, expose data; etc.
TDE solves many data compliance issues – where data encryption is required.
And it’s fast – most don’t notice the addition of encryption. Buffered data is already decrypted and ready to serve. Expect low single digit impact.
Complexity is the enemy of security. So we worked hard to keep things SIMPLE
You load the plugin of your choice
You can create a new table as encrypted. You can alter an existing table to be encrypted.
Key rotation is trivial and happens in less than a second.
Additionally we have support for TDE for TTS (transportable tablespace) files, so you can export and import and keep data encrypted.
And MySQL Enterprise Backup supports backup and recovery of encrypted data (even for many years of archive).
Best is the KMIP key management plugin – it’s a standard that is supported by OKV, Gemalto KeySecure, Fornetix or other KMIP-compliant servers.
Also - as of 5.7.19 AWS KMS is supported and more are coming (OPC KMS).
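The TDE steps above as an added example (not from the original slides). It assumes a keyring plugin is already loaded at server startup through the option file (for a KMIP server, `early-plugin-load=keyring_okv.so`) and uses a hypothetical schema `appdb` with tables `cards` and `customers`.

```sql
-- Confirm a keyring plugin is active before encrypting anything:
-- without one, the ENCRYPTION='Y' statements below fail.
SELECT PLUGIN_NAME, PLUGIN_STATUS
  FROM INFORMATION_SCHEMA.PLUGINS
 WHERE PLUGIN_NAME LIKE 'keyring%';

-- Create a new table as encrypted.
CREATE TABLE appdb.cards (
  id        INT PRIMARY KEY,
  holder    VARCHAR(100),
  pan_token CHAR(64)
) ENCRYPTION='Y';

-- Encrypt an existing table (this rebuilds the table).
ALTER TABLE appdb.customers ENCRYPTION='Y';

-- Inventory check: which tables are encrypted?
SELECT TABLE_SCHEMA, TABLE_NAME, CREATE_OPTIONS
  FROM INFORMATION_SCHEMA.TABLES
 WHERE CREATE_OPTIONS LIKE '%ENCRYPTION%';

-- Rotate the master key. Only the per-tablespace keys are re-encrypted
-- with the new master key, not the table data, which is why it is quick.
ALTER INSTANCE ROTATE INNODB MASTER KEY;

-- Transportable tablespace export of an encrypted table. Next to the .ibd
-- and .cfg files, InnoDB writes a .cfp file holding the transfer key;
-- copy all three while the lock is held.
USE appdb;
FLUSH TABLES cards FOR EXPORT;
-- ... copy cards.ibd, cards.cfg and cards.cfp to the destination ...
UNLOCK TABLES;
```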
MySQL includes a variety of encryption functions
Standard symmetric – where one key encrypts and decrypts
Asymmetric – which make use of public key cryptography
Here more secure schemes can be used to allow encryption with public keys in applications without allowing decryption – unless the app has the private key.
This can be far safer – limiting the capability of apps by removing decryption keys.
Various functions can be used to sign data so it’s immutable and verifiable, and changes can be detected.
All interoperable with standard OpenSSL libraries.
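An added example (not from the original slides) covering the three uses listed above: symmetric, asymmetric and signing. It assumes the MySQL Enterprise Encryption functions are installed; all plaintext values are constructed, and keys are held in session variables only to keep the example self-contained.

```sql
-- Symmetric: one key encrypts and decrypts.
SET @@SESSION.block_encryption_mode = 'aes-256-cbc';
SET @key = RANDOM_BYTES(32);
SET @iv  = RANDOM_BYTES(16);
SET @ct  = AES_ENCRYPT('constructed secret', @key, @iv);
SELECT CAST(AES_DECRYPT(@ct, @key, @iv) AS CHAR) AS roundtrip;

-- Asymmetric: generate an RSA key pair and derive the public key.
SET @priv = create_asymmetric_priv_key('RSA', 2048);
SET @pub  = create_asymmetric_pub_key('RSA', @priv);

-- An application that holds only @pub can encrypt but cannot decrypt.
SET @enc = asymmetric_encrypt('RSA', 'constructed card note', @pub);

-- Only the holder of the private key can read the value back.
SELECT CAST(asymmetric_decrypt('RSA', @enc, @priv) AS CHAR) AS decrypted;

-- Signing: sign a digest with the private key, verify with the public key.
SET @dig = create_digest('SHA256', 'row payload v1');
SET @sig = asymmetric_sign('RSA', @dig, @priv, 'SHA256');

-- Verification succeeds for the original payload and fails once the
-- payload has changed, which is how tampering is detected.
SELECT asymmetric_verify('RSA', @dig, @sig, @pub, 'SHA256') AS original_ok,
       asymmetric_verify('RSA',
                         create_digest('SHA256', 'row payload v2'),
                         @sig, @pub, 'SHA256') AS modified_ok;
```

In a real deployment the private key stays with the one service that needs to decrypt or sign, and other applications are given the public key only.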
Auditing is a key security tool – gives you the who what when from where and how
MySQL Enterprise Audit is simple to install.
Allows DBAs to define coarse to very fine grained auditing rules. The key to auditing is to watch sensitive things closely and fine tune your rules.
Auditing everything isn’t necessarily preferred. It really depends on what you are auditing etc.
And with 5.7.20 you can
Compress – to reduce audit file sizes
Encrypt – to protect the data in the audit trails
Choose JSON formats
Get access from SQL – like tail calls – so audit data can be reviewed without getting on the OS.
Standard tools can be used to decrypt and uncompress the audit data files – so it will interwork with other audit vaults and audit repositories
Audit works with Oracle Audit Vault – but there are many options for centrally archiving audit data.
Audit includes a full suite of features – to roll files, force auditing always – mysql won’t run if auditing isn’t enabled, etc.
Or it can be turned on and rules tuned if you are looking for specific suspect activity.
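A fine-grained rule of the kind described above, as an added example (not from the original slides). It assumes MySQL Enterprise Audit is installed with its filter tables and `audit_log_format=JSON` in the option file; the filter name `log_sensitive`, the schema `appdb` and the table `cards` are hypothetical.

```sql
-- Log every connection event, plus reads and writes on one sensitive table.
-- Everything else is left out of the audit trail.
SELECT audit_log_filter_set_filter('log_sensitive', '{
  "filter": {
    "class": [
      { "name": "connection" },
      { "name": "table_access",
        "event": {
          "name": [ "read", "insert", "update", "delete" ],
          "log": {
            "and": [
              { "field": { "name": "table_database.str", "value": "appdb" } },
              { "field": { "name": "table_name.str",     "value": "cards" } }
            ]
          }
        }
      }
    ]
  }
}');

-- Make it the default filter for all accounts ('%').
SELECT audit_log_filter_set_user('%', 'log_sensitive');

-- Review which filters exist and which accounts they apply to.
SELECT * FROM mysql.audit_log_filter;
SELECT * FROM mysql.audit_log_user;

-- Read recent audit events from SQL, without logging in to the OS:
-- the bookmark points at the most recently written event.
SELECT audit_log_read(audit_log_read_bookmark());
```

Setting `audit_log=FORCE_PLUS_PERMANENT` in the option file keeps the plugin from being unloaded at runtime.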
To this day SQL injection is one of the top attacks
MySQL Enterprise Firewall can stop those attacks
Simply turn on learning mode for a user and automatically build your white list
Change over to alert mode to confirm you don’t have any false positives (that is no false alarms)
Once things look good – switch to full on block mode.
In 5.7.21 add more general rules to block attacks by type, user, IP, etc.
And you can decide on alerting or blocking per rule.
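The learn, alert, block rollout described above, as an added example (not from the original slides). It assumes MySQL Enterprise Firewall is installed with per-account profiles; the account `app@localhost` is hypothetical.

```sql
-- Enable the firewall globally.
SET GLOBAL mysql_firewall_mode = ON;

-- 1. Learning: record the normalized statements the application sends.
CALL mysql.sp_set_firewall_mode('app@localhost', 'RECORDING');
-- ... run the application's normal workload, including batch jobs ...

-- 2. Alert only: statements outside the whitelist are still executed,
--    but are written to the error log as suspicious. Leaving RECORDING
--    mode persists the recorded rules.
CALL mysql.sp_set_firewall_mode('app@localhost', 'DETECTING');

-- Review what was learned before trusting it.
SELECT RULE
  FROM INFORMATION_SCHEMA.MYSQL_FIREWALL_WHITELIST
 WHERE USERHOST = 'app@localhost';

-- A counter that keeps rising under normal load means the whitelist is
-- incomplete (false positives); go back to RECORDING before blocking.
SHOW GLOBAL STATUS LIKE 'Firewall_access_suspicious';

-- 3. Block: statements that do not match the whitelist are rejected.
CALL mysql.sp_set_firewall_mode('app@localhost', 'PROTECTING');

-- Ongoing checks: which accounts are protected, and how many statements
-- have been denied.
SELECT USERHOST, MODE FROM INFORMATION_SCHEMA.MYSQL_FIREWALL_USERS;
SHOW GLOBAL STATUS LIKE 'Firewall_access_denied';
```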
We are always looking for feedback related to security requirements. We’ve added many new things in account and password policies to meet customer requests over the last few years. Or if you have a regulatory requirement and can’t quite see if there’s something to meet it – please ask. We may have it, or maybe we need to have it.
Also the more we know about what you need the better. Often requests come in the form of a solution – without the problem. But as we all know, often there’s more than one way to solve a problem – or maybe we’ve already solved things – just some other way that’s not obvious.
Regarding TDE – MySQL 8.0 has already added redo and undo log encryption and we’re working on encrypting additional files (binlog, DD tables)
New ultra fast and secure SHA256 protocol
OpenSSL FIPS module support for govt folks.
Again we’re looking for feedback - what do you developers want, what would your dba’s like to have?
Finally I want to leave you with some links – so you know where to find things.
The MySQL server team blogs frequently on security
We have various white papers – many specific – for example on PCI or GDPR and MySQL
And we are happy to run a health check with you and can focus on security.