Key Connection for MySQL

Alliance Key Manager for MySQL

Key Connection for MySQL
800.357.1019

hbspt.forms.create({ portalId: "15891", formId: "880bb46e-8d12-4cac-9328-e63ea60ac5d7", sfdcCampaignId: "7011W000001gi0xQAA" });

800.357.1019

Alliance Key Manager for MySQL offers unparalleled security, flexibility and affordability for all users of MySQL Enterprise database. With no client-side software to install, you can deploy Alliance Key Manager to protect your MySQL data anywhere you want - your IT data center, VMware deployment, and in the cloud.

Alliance Key Manager for MySQL Enterprise
MySQL Enterprise eliminates the administrative and performance overhead of file and folder-based encryption solutions by providing encryption support directly in the database engine. This reduces the need to manage third-party encryption solutions, simplifies database deployment, and provides built-in, highly efficient encryption. MySQL Enterprise encryption uses industry standard 256-bit AES which is accepted worldwide as strong encryption. It allows MySQL Enterprise customers to meet a wide variety of compliance regulations including PCI DSS, GDPR, CCPA,  HIPAA, FISMA, and many others. 

 

MySQL Encryption Key Management
For encryption key management MySQL recommends the use of an external encryption key management solution like Alliance Key Manager, and uses the industry standard Key Management Interoperability Protocol (KMIP) to access encryption keys. MySQL Enterprise customers can deploy Alliance Key Manager and install the PKI certificates on the database server to easily begin managing encryption keys. Using native MySQL command line operations encryption is started and encryption keys are protected by Alliance Key Manager. 

 

KMIP Compliant
Meeting the OASIS KMIP standard enables interoperable communication between cryptographic environments and encryption key managers – which reduces the operational, training, and infrastructure costs for businesses. Organizations who deploy other applications and databases that support KMIP (such as MongoDB, vSphere/vSAN, etc.) can deploy Alliance Key Manager as a centralized key manager to easily begin protecting encryption keys with a variety of databases and applications.

 

Centralized Key Management
At no extra charge, deploy Townsend Security’s ready-to-use security applications for Microsoft SQL Server Transparent Data Encryption (TDE) and Cell Level Encryption (CLE), Microsoft SharePoint encryption, and other applications. There are never extra fees for based on the number of nodes/databases or deploying client-side applications. Additionally, binary key retrieval and encryption libraries are provided for all major operating systems to enable rapid deployment of encryption key retrieval or on-device encryption applications. Sample source code is also provided for Java, .NET (C#), Python, PHP, Perl, RPG, COBOL and more.

 

Creating Strong Encryption Keys
Encryption keys are generated using a cryptographically secure pseudo-random number generator (CSPRNG), and are stored in a secure database on the key server. All encryption keys are protected by two layers of encryption as well as SHA-256 hash verification to prevent key corruption and key substitution. 

Encryption keys can be either expiring or non-expiring to enforce key use policies as defined by the security administrator. Additionally, encryption keys can be created in advance of use and only available at a predetermined future date. Encryption key management is restricted to your security administrator and all key management activity is logged to the system log audit trail. No one, including your cloud security provider, has access to your keys.

 

Administration
Key management administration is provided through an application that uses a secure and authenticated TLS connection. Alliance Key Manager restricts the administrator session to a separate and private ethernet port on the server. Security administrators use the console to configure key management services, manage encryption keys, import and export keys, and backup the key database. All administrator functions are recorded by the system logging facility.

To support the special needs of OEM and ISV partners, Alliance Key Manager provides a programmable interface to all key management administrative functions. 

 

User and Group Control for Key Access
Security administrators can enforce user and group level controls over access to encryption keys. Encryption keys can be restricted to a specific list of users, a specific list of groups, or specific users within a group. Alliance Key Manager uses the distinguished name in certificates to enforce user and group controls which reduces administrative time and cost.

 

Secure Key Retrieval
Applications retrieve encryption keys from the Alliance Key Manager server through a secure and mutually-authenticated TLS TCP connection. Both the client and the server authenticate each other using standard TLS certificate exchange. This is the highest level of authentication necessary for complete endpoint security.

 

High Availability
Alliance Key Manager mirrors keys between multiple key management applications over a secure and mutually authenticated TLS connection for hot backup and disaster recovery support. The key manager fully supports MySQL cluster configurations for real-time high availability failover.

 

Platforms
MySQL Enterprise customers can deploy Alliance Key Manager as a hardware security module (HSM), VMware virtual machine, Cloud instance (AWS, Azure) or in containers. Alliance Key Manager supports seamless migration, multi-cloud, and hybrid implementations. 
 

Certifications and Validations

NIST AES compliance (ECB and CBC modes of encryption)

NIST SHA validation

NIST RNG validation (x9.31)

NIST HMAC validation

NIST FIPS 140-2, level 1

OASIS KMIP

Databases

MySQL

Interfaces

TLS authenticated secure communications

GUI console for key management

Secure web application for server management

Network Management

NTP

Syslog-ng

Automatic log rotation

Secure encrypted and integrity checked backups

Solution Briefs

Alliance Key Manager for MySQL

Alliance Key Manager for MySQL offers unparalleled security, flexibility and affordability for all users of MySQL Enterprise database.

Datasheets

Alliance Key Manager

Alliance Key Manager works with all major business platforms, cloud platforms, and leading encryption applications.

White Papers

What Data Needs To Be Encrypted In MySQL?

Generally speaking, you should encrypt any information that alone, or when combined with other information, can identify a unique, individual person.