Protects data by transforming it into unreadable cipher
Only users with the user-defined password and the cryptographic file can
decrypt this cipher text and read the original data.
Why encrypting data?
Encryption is used to protect your assets, your organization, or customers’ sensitive
data. Encryption can protect data from internal or external leakage.
In Big Data environments, large volumes of data from many sources are collected,
manipulated and stored in various formats. Encryption helps reduce the risk of
sensitive data exposure.
Encryption is also recommended or required for compliance with data protection
Considerations for data encryption
- Define the type of the data to be protected: data in transit or
data at rest.
- Identify the scope of the data to be protected: purpose,
ownership, access, etc.
- Provide strong passwords for the cryptographic file.
- Do not reuse passwords for different data encryption
- Store passwords in a secure password management system.
- Make sure only authorized users get access to the password and
the cryptographic file necessary to decrypt back data.
- Strong encryption methods generally increase required resources.
- Separate the cryptographic file from the encrypted data to keep
your data secure.
- It is advised to use different cryptographic files to encrypt
- Data encryption is not a complete security approach. Combining different
security layers help address concerns about sensitive data. Security layers
include vulnerability assessment and management or anti-malware solutions.
Data encryption methods
encrypts data using the AES-GCM and Blowfish encryption methods:
|128-bit block cipher||64-bit block cipher|
|Integrity check||No integrity check|
|Faster on modern CPUs||Computationally faster|
|Standardized by the National Institute of Standards and Technology
|Used by SSL/TLS|
The data encryption process
To encrypt data, you can either generate a password protected
cryptographic file or use an existing one.
- A randomly generated salt
- A randomly generated key encrypted with AES-GCM and the user-defined
- The encryption method encrypted with AES-GCM and the user-defined
- When using an existing cryptographic file, the salt is used to derive a
cryptographic key from the password using the PBKDF2 key derivation
- Using this key, the remaining of the cryptographic file is decrypted. If
the password is correct, the component can now access the randomly generated
key stored in the cryptographic file and the encryption method. If the
password is not correct, an exception is thrown.
- Encrypting the data, using the randomly generated password
stored in the cryptographic file and the encryption method.
- tDataEncrypt Standard properties
These properties are used to configure tDataEncrypt running in the Standard Job framework.
- Encrypting and decrypting back sensitive data
This scenarios uses two Jobs. The first Job encrypts last names, postal codes and dates of births. The second Job decrypts back the encrypted sensitive data.
- tDataEncrypt properties for Apache Spark Batch
These properties are used to configure tDataEncrypt running in the Spark Batch Job framework.
- tDataEncrypt properties for Apache Spark Streaming
These properties are used to configure tDataEncrypt running in the Spark Streaming Job framework.