Over-the-Wire and Data-at-Rest Encryption
Data security is a hot topic! The loss of data via cyber attacks can lead to a loss of customers (typically 4% of your customer base) and reputation, lead to regulatory action, and even expose you to large fines. InterBase supports encryption of data between server and clients (over-the-wire network traffic) and data-at-rest (both DES and strong AES 256-bit encryption).
InterBase encryption is built into the database as part of its cross-platform single-file format, allowing InterBase to offer protection of data everywhere it resides throughout the development life cycle.
Data encryption at rest is controlled by a separate security login to support industry best practice for data controllers.
Free white paper: Mobilizing Enterprise Data
Separate Security Login
A common mistake around data security is to think that encrypting the database is enough. More important is controlling who can see what data. This is the legal responsibility of the Data Security Officer, and InterBase helps you separate and manage this via a special login, SYSDSO.
The ability to read, insert, update, delete, and search on data in InterBase is defined by the SYSDSO use. SYSDSO controls at a column level who can see, search, and update data, allowing you to control throughout the development life cycle who gets to see what data and when; even developers cannot bypass encryption to view and search for sensitive data (unless your DSO allows them access).
Having granular column-level encryption built into your data layer drastically reduces the risk of data breaches through requirement changes and product refactoring as your data layer (and not your application) is managing data visibility.
Role-Based User Security
Almost every application that stores data has users with different levels of access to data. Rather than requiring you to spend time building, managing, and testing user security in your own applications, InterBase provides it out the box. By defining user security roles that match job roles (e.g., accountant, accounts manager, salesperson, human resources, etc.), you can then allocate users with multiple roles, making it easy to add or remove access to data across your system.
User security covers both data and also access to Change Views, allowing you to easily control who can track data changes too.