Server General KMS for MySQL is a key management service for MySQL TDE customers.
Server General KMS for MySQL is a key management service for customers who do not want to build or manage a complicated, expensive and time consuming in-house key management system. Our service will empower you to focus on developing your business applications while we manage your encryption keys in a secure and compliant manner. The service makes it easy for you to comply with the HIPAA/HITECH Act and the PCI DSS mandates. You will be able to store your encryption keys on-premises or within our cloud locker. Moreover, your server can be hosted on any cloud platform or within your own data center. It usually takes less than 30 minutes to install and configure our service. The service is geared towards small to medium sized businesses who want to cut their data security and regulatory compliance costs.
Organizations try hard to comply with regulations and industry mandates, but the effort necessary often exceeds the capability of small IT groups. Server General KMS for MySQL being a service allows such organizations to focus on their business while helping them to manage their MySQL encryption keys in a compliant manner. It generally takes less than 30 minutes to install and configure our service. Our service allows you to control your own encryption keys while we ensure their availability and security.
Server General KMS for MySQL allows you to centralize and manage your encryption keys for all of your MySQL database servers spread across distributed cloud platforms - Amazon, CenturyLink, Google, Rackspace or within your own data center.
The ultimate control resides with you. You will be able to store your encryption keys in a secure appliance deployed on-premises or within our cloud lockers. We encrypt your master encryption key with a key that is only known to you. This way we never have access to the actual encryption key.
Unlike other vendors whose key management solutions can easily cost you thousands of dollars we see ourselves as a no-frills service provider. You can start with as little as 99 USD/month/server.
Our on-premises key locker is a battle hardened virtual appliance while our cloud key management infrastructure is managed by our security experts on 24x7x365 basis. All privileged operations are logged at four different locations in order to provide non-repudiation. The MySQL master encryption key is not stored on your server but in a key locker. It’s important to point out that we only store the encrypted value of your encryption key in our key lockers. This way our staff is unable to access the actual encryption key. At the same time if your server were to be compromised the key remains out of reach of an attacker as it is not stored on the server. When the key is needed to restart the MySQL service, our agent fetches the encrypted value from our key locker and only the data owner is able to reconstitute the actual encryption key using a secret passphrase. Furthermore, we use advanced access control mechanisms to deny the “root” user access to the key when it is being used on the server for a very brief period. Server General KMS for MySQL provides you with a secure location to store your MySQL encryption keys. You can store them on-premises in a virtual appliance or within our managed key locker infrastructure. We use role-based access control mechanisms to prevent unauthorized access. All privileged operations are logged at four different locations in order to provide non-repudiation.
Server General KMS for MySQL helps customers generate the MySQL Master Key (MMK). We also generate two additional encryption keys during the configuration process that are used by authorized entities to manage Server General KMS installation. Our key generation procedure is designed to protect against loss, theft and compromise.
Access to encryption keys is restricted to fewest number of custodians necessary.
We help customers to rotate their MySQL Master Key (MMK) and other keys that are used to manage the Server General KMS. The encryption keys can be rotated without having to decrypt the encrypted data sets first.
We use the maximum key length possible – 256 bits -- for your security.
Our key management design forces secure distribution of the encryption keys during the initial configuration process.
Server General KMS for MySQL stores your MySQL encryption key away from your encrypted data sets which is generally one of the main requirements of any data security regulation. You are further able to limit the scope of your compliance by deploying the key locker within your own network. Our key management system provides key generation, storage, rotation and revocation capabilities. We generate immutable logs of all privileged operations conducted by the Server General administrators by storing them at four different locations.
No additional infrastructure required. Server General software is installed on existing servers.
When you encrypt your ePHI using embedded transparent data encryption (TDE) functionality of your MySQL server then you have to ensure the safety of your encryption key that was used to encrypt patient information. Moreover, you will have to rotate your data encryption keys periodically to comply with good security practices. Server General KMS for MySQL can help you manage your MySQL master key in a manner that will make it easy for you to comply with the HIPAA/HITECH Act.
Businesses rely on Server General KMS for MySQL to meet the PCI DSS mandates when their in-scope data is stored in a MySQL database server and is encrypted using MySQL’s transparent data encryption (TDE) functionality. We have years of experience helping tier-1 customers go through their PCI audits and have designed our solution in a manner that makes it easy to comply with the PCI DSS mandates.
The European Union’s General Data Protection Regulation (GDPR) will become effective as of May 25, 2018. Just like California’s SB 1386 data breach notification legislation, GDPR stipulates that any entity that handles EU citizen’s data must provide notification of a successful breach. The law requires the entity to prove that it had put all the right measures in place to protect personal information. Many businesses use the embedded encryption functionality of their MySQL database to protect the sensitive information. Server General KMS for MySQL can help such businesses to manage their MySQL master encryption keys in a secure and compliant manner.