Protecting Personal and Health Data in MySQL


Protecting PII is one of the biggest challenges for a security-minded DBA, and adding a requirement to give customers direct access to a database replica turns the DBA's life into a nightmare. At VirtualHealth we deal with medical data. In this talk I will share my experience implementing customer authentication, authorization and data isolation in MySQL. I will cover such topics as:

1. Authentication of external users: how to create a secure connection to MySQL and manage users (LDAP, external authentication plugins, etc.)

2. Authorization and data isolation

3. Auditing the logins and login attempts

4. Encryption at rest, field level encryption and key rotation

5. Data masking and data de-identification (for dev systems)
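The five topics above map onto a small number of MySQL statements. What follows is an added example written for this page, not code from the talk or from VirtualHealth. It assumes MySQL 8.0.19 or later, a schema named `clinical` owned by a DBA account 'app_owner'@'localhost', one external MySQL account per customer (here 'customer_acme'), a keyring plugin already loaded for InnoDB tablespace encryption, and constructed sample data; the account names, schema, table layout and key values are all placeholders.

```sql
-- Added example, not from the talk. Placeholders: 'app_owner', 'customer_acme',
-- schema `clinical`, and every key/password value below.

-- 1. Authentication: the external account may only connect over TLS and is
--    locked for a day after five failed passwords (8.0.19+ syntax). Pair this
--    with require_secure_transport=ON on the replica so plaintext is refused
--    for every account, not just this one.
CREATE USER 'customer_acme'@'%'
  IDENTIFIED WITH caching_sha2_password BY 'CHANGE-ME-long-random-secret'
  REQUIRE SSL
  WITH MAX_USER_CONNECTIONS 10
  PASSWORD EXPIRE INTERVAL 90 DAY
  FAILED_LOGIN_ATTEMPTS 5 PASSWORD_LOCK_TIME 1;

-- 2. Authorization and data isolation: base tables stay private to the owner.
--    Each customer sees only rows whose customer_id is mapped to the MySQL
--    login they authenticated as.
CREATE TABLE clinical.customer_account (
  mysql_user  VARCHAR(32) NOT NULL PRIMARY KEY,   -- login name without @host
  customer_id INT UNSIGNED NOT NULL
);
INSERT INTO clinical.customer_account VALUES ('customer_acme', 1001);  -- constructed

CREATE TABLE clinical.patient (
  id          INT UNSIGNED NOT NULL PRIMARY KEY,
  customer_id INT UNSIGNED NOT NULL,
  full_name   VARCHAR(200) NOT NULL,
  dob         DATE NOT NULL,
  ssn_enc     VARBINARY(64) NOT NULL,   -- IV || ciphertext, see step 4
  INDEX (customer_id)
) ENCRYPTION='Y';   -- InnoDB tablespace encryption; requires a keyring plugin

-- SQL SECURITY DEFINER runs the view as 'app_owner', so the customer needs no
-- privilege on clinical.patient. Inside a DEFINER view CURRENT_USER() returns
-- the definer, so the tenant filter uses USER(), which always reports the
-- connected client's login name and host.
CREATE DEFINER = 'app_owner'@'localhost' SQL SECURITY DEFINER
VIEW clinical.v_patient AS
  SELECT p.id, p.full_name, p.dob
  FROM clinical.patient p
  JOIN clinical.customer_account a ON a.customer_id = p.customer_id
  WHERE a.mysql_user = SUBSTRING_INDEX(USER(), '@', 1);

GRANT SELECT ON clinical.v_patient TO 'customer_acme'@'%';
-- Deliberately no GRANT on clinical.patient or clinical.customer_account.

-- 3. Auditing login attempts: connection_control delays repeated failures and
--    exposes a per-account failure counter. Successful logins need an audit
--    plugin (MySQL Enterprise Audit or Percona audit_log), not shown here.
INSTALL PLUGIN CONNECTION_CONTROL SONAME 'connection_control.so';
INSTALL PLUGIN CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS SONAME 'connection_control.so';
SET GLOBAL connection_control_failed_connections_threshold = 3;
SET GLOBAL connection_control_min_connection_delay = 1000;   -- milliseconds
SELECT * FROM INFORMATION_SCHEMA.CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS;

-- 4. Field-level encryption and key rotation: the data key never lives in the
--    database; the owning application supplies it per session. RANDOM_BYTES
--    here is a stand-in for a key fetched from a KMS. Use aes-256-cbc with a
--    fresh IV per row instead of the weak default aes-128-ecb.
SET SESSION block_encryption_mode = 'aes-256-cbc';
SET @k  = RANDOM_BYTES(32);   -- placeholder for the current data key
SET @iv = RANDOM_BYTES(16);
INSERT INTO clinical.patient VALUES   -- constructed row
  (1, 1001, 'Jane Example', '1980-05-14',
   CONCAT(@iv, AES_ENCRYPT('123-45-6789', @k, @iv)));

-- Owner-side decrypt: the first 16 bytes of ssn_enc are the IV.
SELECT id, AES_DECRYPT(SUBSTRING(ssn_enc, 17), @k, LEFT(ssn_enc, 16)) AS ssn
FROM clinical.patient;

-- Rotate the field key by re-encrypting every row under the new key (the
-- stored IV is reused; IV uniqueness is only required per key), then rotate
-- the tablespace master key in one statement.
SET @k_new = RANDOM_BYTES(32);   -- placeholder for the new data key
UPDATE clinical.patient
   SET ssn_enc = CONCAT(LEFT(ssn_enc, 16),
                        AES_ENCRYPT(AES_DECRYPT(SUBSTRING(ssn_enc, 17), @k, LEFT(ssn_enc, 16)),
                                    @k_new, LEFT(ssn_enc, 16)));
ALTER INSTANCE ROTATE INNODB MASTER KEY;

-- 5. De-identification for a dev copy: replace direct identifiers, coarsen
--    quasi-identifiers, and never ship the real ciphertext.
CREATE TABLE dev.patient LIKE clinical.patient;
INSERT INTO dev.patient
  SELECT id, customer_id,
         CONCAT('Patient ', id),   -- synthetic name
         MAKEDATE(YEAR(dob), 1),   -- keep only the birth year
         RANDOM_BYTES(32)          -- random bytes in place of the SSN ciphertext
  FROM clinical.patient;
```

Two checks worth running after this setup: connect as 'customer_acme' without TLS and confirm the handshake is rejected, and run `SELECT * FROM clinical.patient` as that account to confirm it fails with a privilege error while `SELECT * FROM clinical.v_patient` returns only customer 1001's rows.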

Room 101
Friday, March 6, 2020 - 11:30 to 12:15