Cloud security is a vital part of cloud computing. Organizations want their cloud infrastructure to be completely secure so that they can deploy their data and resources and focus on their business without worrying about security attacks. RDS is the relational database service provided by AWS, and it is essential to make sure that your database is protected against potential attacks.
Why is AWS RDS transparent data encryption important for cloud security?
Various security practices are recommended to secure the data held in RDS instances so that it cannot be misused. One such practice is to enable AWS RDS transparent data encryption. RDS uses Transparent Data Encryption (TDE) to encrypt the data stored in database instances running database servers. TDE encrypts data when it is written to storage and decrypts it when it is read from storage.
TDE provides encryption key management using two-layer protection. An SSL certificate is generated from the master key of the database and is used to protect the data encryption key. The database encryption keys perform the actual encryption and decryption of data in the database. RDS manages the database master key and the SSL certificates. TDE is used when there is a need to encrypt sensitive data and when data and backups are obtained from a third-party source.
When data is received from an unknown source, security becomes a major concern, because users do not want a third-party source to cause harm to their own data. This is where TDE plays an important role in encrypting and securing the user's data.
How can Centilytics help you in securing your RDS instances?
Centilytics provides a dedicated insight on AWS RDS transparent data encryption and shows all your AWS accounts with their respective data encryption status, which helps the user assess the security of their RDS instance(s).
There are two possible scenarios:

| Severity | Description |
|---|---|
| OK | This indication will appear when the corresponding RDS instance has transparent data encryption enabled in AWS. |
| CRITICAL | This indication will appear when the corresponding RDS instance does not have transparent data encryption enabled in AWS. |

The remaining columns are described below:
- Account Id: Shows the account ID of the user's account.
- Account Name: Shows the account name corresponding to the user's account.
- Region: Shows the region in which the corresponding instance exists.
- Identifier: Shows the name of the corresponding instance.
- DB Instance Encryption: Shows whether encryption of the RDS instance is enabled or not.

| Filter | Description |
|---|---|
| Account Id | Applying the account Id filter will display data for the selected account Id. |
| Region | Applying the region filter will display data according to the selected region. |
| Severity | Applying the severity filter will display data according to the selected severity type, i.e. selecting critical will display all resources with critical severity. The same applies to the warning and ok severity types. |
| Resource Tags | Applying the resource tags filter will display those resources which have been assigned the selected resource tag. For example, if the user has tagged some resource with a tag named environment, then selecting environment from the resource tags filter will display all the resource data accordingly. |
| Resource Tags Value | Applying the resource tags value filter will display data which has the selected resource tag value. For example, if the user has tagged some resource with a tag named environment and has given it a value, say production (environment:production), then the user will be able to view data of all the resources which are tagged as "environment:production". The user can use the tag value filter only when a tag name has been provided. |
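
The OK/CRITICAL check described above can be reproduced offline from AWS API output; the Python below is an added example, not Centilytics' code or anything from the original page. It assumes an instance counts as TDE-enabled only when it has an in-sync option group containing the Oracle `TDE` or SQL Server `TRANSPARENT_DATA_ENCRYPTION` option (how Centilytics evaluates the status is not stated on this page), and all sample data is constructed.

```python
"""Added example: classify RDS instances as OK/CRITICAL by TDE option status."""

# RDS option names that turn on TDE: Oracle uses TDE, SQL Server uses
# TRANSPARENT_DATA_ENCRYPTION.
TDE_OPTIONS = {"TDE", "TRANSPARENT_DATA_ENCRYPTION"}

# Constructed sample shaped like `aws rds describe-db-instances` output (trimmed).
SAMPLE_INSTANCES = {"DBInstances": [
    {"DBInstanceIdentifier": "orders-ora",
     "DBInstanceArn": "arn:aws:rds:us-east-1:111122223333:db:orders-ora",
     "OptionGroupMemberships": [{"OptionGroupName": "ora-tde", "Status": "in-sync"}]},
    {"DBInstanceIdentifier": "billing-mssql",
     "DBInstanceArn": "arn:aws:rds:eu-west-1:111122223333:db:billing-mssql",
     "OptionGroupMemberships": [{"OptionGroupName": "mssql-tde", "Status": "pending-apply"}]},
    {"DBInstanceIdentifier": "reports-mssql",
     "DBInstanceArn": "arn:aws:rds:eu-west-1:111122223333:db:reports-mssql",
     "OptionGroupMemberships": [{"OptionGroupName": "mssql-plain", "Status": "in-sync"}]},
]}

# Constructed sample shaped like `aws rds describe-option-groups` output (trimmed).
SAMPLE_OPTION_GROUPS = {"OptionGroupsList": [
    {"OptionGroupName": "ora-tde", "Options": [{"OptionName": "TDE"}]},
    {"OptionGroupName": "mssql-tde", "Options": [{"OptionName": "TRANSPARENT_DATA_ENCRYPTION"}]},
    {"OptionGroupName": "mssql-plain", "Options": []},
]}

def groups_with_tde(option_groups):
    """Names of option groups that contain a TDE option."""
    return {g["OptionGroupName"] for g in option_groups.get("OptionGroupsList", [])
            if any(o.get("OptionName") in TDE_OPTIONS for o in g.get("Options", []))}

def tde_report(instances, option_groups):
    """One row per instance, using the column names from the list above."""
    tde_groups = groups_with_tde(option_groups)
    rows = []
    for db in instances.get("DBInstances", []):
        # ARN layout: arn:aws:rds:<region>:<account-id>:db:<identifier>
        _, _, _, region, account_id = db["DBInstanceArn"].split(":")[:5]
        # A group that is still pending-apply is not protecting the data yet.
        enabled = any(m.get("OptionGroupName") in tde_groups and m.get("Status") == "in-sync"
                      for m in db.get("OptionGroupMemberships", []))
        rows.append({"Account Id": account_id, "Region": region,
                     "Identifier": db["DBInstanceIdentifier"],
                     "DB Instance Encryption": "Enabled" if enabled else "Disabled",
                     "Severity": "OK" if enabled else "CRITICAL"})
    return rows

if __name__ == "__main__":
    for row in tde_report(SAMPLE_INSTANCES, SAMPLE_OPTION_GROUPS):
        print(row)
```

To run it against a real account, replace the two sample dictionaries with the parsed JSON from `aws rds describe-db-instances` and `aws rds describe-option-groups`.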