
Why is AWS RDS transparent data encryption important?


Cloud security is a vital factor in cloud computing. Organizations want their cloud infrastructure to be completely secure so that they can deploy their data and resources and focus on their business without worrying about security attacks. RDS is the relational database service provided by AWS, and it is essential to make sure that your database is safe from any kind of potential security attack.

Why is AWS RDS transparent data encryption important for cloud security?

Various security practices are recommended to secure the data stored in RDS instances so that it cannot be misused. One such practice is to enable AWS RDS transparent data encryption. RDS uses Transparent Data Encryption (TDE) to encrypt the data stored in database instances running database servers. TDE encrypts data when it is written to storage and decrypts it when it is read from storage.

Transparent Data Encryption (TDE) provides encryption key management using two-layer protection. An SSL certificate is generated from the master key of the database and is used to protect the data encryption key. These database encryption keys perform the actual encryption and decryption of data on the database. RDS manages the database master key and SSL certificates. TDE is used when there is a need to encrypt sensitive data when data and backups are obtained from a third-party source.

When data is received from an unknown source, security becomes a major concern, because users want no harm to come to their own data through a third-party source. This is where Transparent Data Encryption (TDE) plays an important role in encrypting and securing the user’s data.

How can Centilytics help you in securing your RDS instances?

Centilytics provides a dedicated insight on AWS RDS transparent data encryption that shows all your AWS accounts with their respective data encryption status, which helps the user assess the security of their RDS instance(s).

Insight descriptions:

There can be 2 possible scenarios:

| Severity | Description |
|---|---|
| OK | This indication will appear when the corresponding RDS instance has transparent data encryption enabled in AWS. |
| CRITICAL | This indication will appear when the corresponding RDS instance does not have transparent data encryption enabled in AWS. |

Descriptions of the further columns are as follows:

  1. Account Id: Shows the respective account ID of the user’s account.
  2. Account Name: Shows the account name corresponding to the user’s account.
  3. Region: Shows the region in which the corresponding instance exists.
  4. Identifier: Shows the corresponding name of the instance.
  5. DB Instance Encryption: Shows whether encryption of the RDS instance is enabled or not.
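
The status and severity columns described above can be reproduced from RDS API output. The following is an added example, not Centilytics' code and not part of the original article. It assumes an instance counts as TDE-enabled when it belongs to an in-sync option group carrying the TDE option (`TRANSPARENT_DATA_ENCRYPTION` for SQL Server, `TDE` for Oracle); the instance names, option group names and account ID are constructed sample data.

```python
# Added example (not Centilytics code). Option names per the AWS RDS docs:
# "TRANSPARENT_DATA_ENCRYPTION" (SQL Server) and "TDE" (Oracle).
TDE_OPTIONS = {"TRANSPARENT_DATA_ENCRYPTION", "TDE"}

def tde_groups(option_groups):
    """Names of option groups that carry a TDE option."""
    return {g["OptionGroupName"] for g in option_groups
            if any(o.get("OptionName") in TDE_OPTIONS for o in g.get("Options", []))}

def classify(instances, option_groups, account_id, region):
    """Build one row per instance using the columns the insight lists."""
    enabled_groups = tde_groups(option_groups)
    rows = []
    for db in instances:
        # Assumption: TDE counts as enabled only once the membership is in-sync;
        # a pending-apply option group has not taken effect yet.
        tde = any(m.get("OptionGroupName") in enabled_groups and m.get("Status") == "in-sync"
                  for m in db.get("OptionGroupMemberships", []))
        rows.append({"account_id": account_id, "region": region,
                     "identifier": db["DBInstanceIdentifier"],
                     "db_instance_encryption": "enabled" if tde else "disabled",
                     "severity": "OK" if tde else "CRITICAL"})
    return rows

def fetch(region):
    """Live data via boto3 (needs credentials); not used by the sample run below."""
    import boto3
    rds = boto3.client("rds", region_name=region)
    dbs = [d for p in rds.get_paginator("describe_db_instances").paginate() for d in p["DBInstances"]]
    ogs = [g for p in rds.get_paginator("describe_option_groups").paginate() for g in p["OptionGroupsList"]]
    return dbs, ogs

# Constructed sample data shaped like the two API responses (not real resources).
SAMPLE_GROUPS = [
    {"OptionGroupName": "sqlserver-tde", "Options": [{"OptionName": "TRANSPARENT_DATA_ENCRYPTION"}]},
    {"OptionGroupName": "default:oracle-ee-19", "Options": []},
]
SAMPLE_DBS = [
    {"DBInstanceIdentifier": "billing-db", "OptionGroupMemberships": [{"OptionGroupName": "sqlserver-tde", "Status": "in-sync"}]},
    {"DBInstanceIdentifier": "reports-db", "OptionGroupMemberships": [{"OptionGroupName": "default:oracle-ee-19", "Status": "in-sync"}]},
    {"DBInstanceIdentifier": "staging-db", "OptionGroupMemberships": [{"OptionGroupName": "sqlserver-tde", "Status": "pending-apply"}]},
]

if __name__ == "__main__":
    for row in classify(SAMPLE_DBS, SAMPLE_GROUPS, "111122223333", "us-east-1"):
        print(row)
```

For a live account, pass the two lists returned by `fetch(region)` to `classify` in place of the sample data.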

Filters Applicable:

| Filter Name | Description |
|---|---|
| Account Id | Applying the account Id filter will display data for the selected account Id. |
| Region | Applying the region filter will display data according to the selected region. |
| Severity | Applying the severity filter will display data according to the selected severity type, i.e. selecting critical will display all resources with critical severity. The same will be the case for the warning and ok severity types. |
| Resource Tags | Applying the resource tags filter will display those resources which have been assigned the selected resource tag. For example, if the user has tagged some resource with a tag named environment, then selecting environment from the resource tags filter will display all the resource data accordingly. |
| Resource Tags Value | Applying the resource tags value filter will display data which has the selected resource tag value. For example, if the user has tagged some resource with a tag named environment and has given it a value, say production (environment:production), then the user will be able to view data of all the resources which are tagged as “environment:production”. The user can use the tag value filter only when a tag name has been provided. |
