Securing Data at Rest with IBM Guardium Data Encryption
This topic describes how to secure data on persistent storage (data at rest) in SingleStore DB with IBM Guardium Data Encryption. This configuration allows you to protect all SingleStore DB information (data files, backups, and logs) from unauthorized access, including access by unauthorized administrative users. The process is also known as Transparent Database Encryption or TDE.
IBM Guardium Data Encryption encrypts all protected SingleStore DB data with strong encryption. If the encrypted data is obtained in any way by someone without keys to access it, it will be useless. Even the root user on the Linux system running SingleStore DB can be prevented from accessing the information directly via the files where it is stored, even if they impersonate a user with access by using sudo. Keys can also be revoked to render data inaccessible.
The certification matrix below shows the versions supported for SingleStore DB and Guardium Data Encryption:
| Product | Supported version |
|---|---|
| IBM Guardium Data Encryption | 220.127.116.11 |
| SingleStore DB | 7.1 or newer |
IBM Guardium Data Encryption is the same product as Thales CipherTrust Transparent Encryption (CTE), formerly known as Vormetric Transparent Encryption (VTE). IBM resells it under the Guardium name. To use IBM Guardium Data Encryption to secure data on persistent storage, follow the process described here for VTE. IBM Guardium Data Encryption documentation is available here. That documentation also describes the version numbers of VTE/CTE corresponding to each Guardium version.