Jon Thatcher, FileMaker Konferenz 2014
Database encryption is one of the most critical features in securing your FileMaker solutions. With the introduction of Encryption at Rest (EAR) in FileMaker 13, developers and administrators gained a powerful tool to safeguard sensitive data stored in their databases. This post will thoroughly explore how FileMaker encryption works, why it’s necessary, and the performance considerations that come with its use.
Why Database Encryption is Critical
FileMaker Encryption at Rest (EAR) provides a powerful layer of security for data stored within a FileMaker database. Encryption ensures that even if someone gains access to the physical files—through theft, unauthorized access, or other means—they cannot read the data without the proper decryption key.
The Threat Landscape:
- Physical Theft: Laptops, USB drives, and servers are physical objects that can be stolen, leaving your data vulnerable. Without encryption, anyone who acquires the physical database can access its contents.
- Unauthorized Access: Employees, contractors, or even IT staff with malicious intent may attempt to download databases or backups. Encryption ensures that even if they succeed, the data is useless without the encryption key.
- Compliance: Many industries, such as healthcare and finance, require encryption of sensitive data to comply with regulations like HIPAA, GDPR, and PCI-DSS. Encryption at Rest (EAR) provides a mechanism to meet these requirements.
In short, encryption turns your data into an unreadable format, and only authorized users with the correct key can decrypt and interact with the database.
How FileMaker Encryption Works
At the heart of FileMaker’s encryption technology is AES-256, a strong encryption algorithm that is widely used and trusted in industries requiring high levels of security, such as finance and government.
Core Mechanics:
- Block-Level Encryption: Every 4KB block of the database file is encrypted individually with AES-256. Because each block is protected as an independent unit, FileMaker can decrypt just the blocks it needs rather than the whole file.
- Random Data and “Salt”: Before encrypting a block, FileMaker mixes in random data (a salt), so the same plaintext written twice produces two different ciphertext blocks. Without this, repeated content would produce repeated ciphertext and give an attacker patterns to work from; with it, the encrypted file reveals nothing about which blocks are identical.
- Decryption On-The-Fly: When an authorized user opens the database, FileMaker decrypts a block only when it is needed, which keeps the performance cost low. Decrypted blocks exist only in the in-memory cache; on disk, every block stays encrypted.
- Shared ID: If you have a multi-file solution, you can use the Shared ID feature to group files that share the same encryption password. This allows you to enter the encryption password only once when opening the solution, simplifying the user experience without compromising security.
The result is a robust encryption system that secures all data stored in the database and prevents unauthorized access, even if the physical file is stolen.
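As an added illustration, not FileMaker's own code or file format (whose internals are not public), the Go program below models the block-level scheme described above: 4 KB blocks, each encrypted independently under AES-256 with a random per-block value, so identical blocks look different on disk and any single block can be decrypted on its own. The choice of AES-GCM, the 12-byte nonce and binding the block index as associated data are this model's assumptions; the demo key is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Simplified model (an assumption for illustration, not FileMaker's real on-disk format):
// the file is cut into 4 KB blocks, each sealed on its own with AES-256-GCM under a fresh
// random nonce (the "salt"), so equal blocks never share ciphertext and any block decrypts alone.
const BlockSize, NonceSize = 4096, 12
const SealedSize = NonceSize + BlockSize + 16 // nonce || ciphertext || 16-byte GCM tag

// NewAES256GCM builds the per-block AEAD; the key must be exactly 32 bytes (AES-256).
func NewAES256GCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, fmt.Errorf("key must be 32 bytes, got %d", len(key))
	}
	blk, _ := aes.NewCipher(key) // cannot fail once the key size is checked
	return cipher.NewGCM(blk)
}

// EncryptBlocks zero-pads data to whole blocks and seals each under its own random nonce;
// the block index is bound as associated data, so a sealed block cannot be moved elsewhere.
func EncryptBlocks(gcm cipher.AEAD, data []byte) []byte {
	n := (len(data) + BlockSize - 1) / BlockSize
	padded := make([]byte, n*BlockSize)
	copy(padded, data)
	out := make([]byte, 0, n*SealedSize)
	for i := 0; i < n; i++ {
		nonce := make([]byte, NonceSize)
		if _, err := rand.Read(nonce); err != nil {
			panic(err) // crypto/rand failing means the OS entropy source is broken
		}
		out = append(out, nonce...)
		out = gcm.Seal(out, nonce, padded[i*BlockSize:(i+1)*BlockSize], []byte(fmt.Sprint(i)))
	}
	return out
}

// DecryptBlock opens only block i (decryption on demand); a moved or tampered block fails.
func DecryptBlock(gcm cipher.AEAD, enc []byte, i int) ([]byte, error) {
	off := i * SealedSize
	if i < 0 || off+SealedSize > len(enc) {
		return nil, fmt.Errorf("block %d out of range", i)
	}
	return gcm.Open(nil, enc[off:off+NonceSize], enc[off+NonceSize:off+SealedSize], []byte(fmt.Sprint(i)))
}
```

Encrypting two identical 4 KB blocks with the same key yields two different sealed blocks, and decrypting block 1 never touches block 0; a sealed block copied into another position fails authentication because its index no longer matches.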
Encryption at Rest (EAR): Core Features
Encryption at Rest (EAR) refers to the encryption of data when it is stored (i.e., at rest) on the disk, including hosted databases, backups, and temporary files. This is different from encrypting data in transit (via SSL) or during usage.
Key Features of EAR:
- Database Files: EAR encrypts every byte of data stored within the main database file on FileMaker Server, FileMaker Pro, or FileMaker Go. This includes data, scripts, layouts, and all other elements of the solution.
- Backups: Backups created by FileMaker Server are encrypted using EAR, ensuring that even backups stored off-site or in the cloud remain secure. The backup encryption uses the same AES-256 standard, ensuring continuity of security across the system.
- Temporary Files: Temporary files generated by FileMaker—such as cache files used for speeding up operations—are also encrypted when EAR is enabled. This prevents attackers from gaining access to cached data, which could contain sensitive information.
- Database Decryption: Decrypting the database requires the encryption password, which is not stored anywhere in the file. Even if someone accesses the database, they cannot open it without the password. The decryption happens automatically in the background once the correct password is provided, ensuring ease of use for authorized users.
This system ensures that every aspect of your FileMaker solution is encrypted and secure, making EAR an essential feature for any organization that handles sensitive data.
Password Management and Keystores
Managing encryption passwords securely is critical to ensuring the long-term safety of your data. A strong encryption system is only as good as the management of the encryption keys.
Password Handling:
- Not Stored in the Database: FileMaker does not store the encryption password within the database file itself. Only a hint and a unique Shared ID (if applicable) are stored. This ensures that the encryption password cannot be extracted by examining the database file.
- Strong Passwords: Use strong, complex passwords of at least 10 characters with a mix of upper- and lower-case letters, numbers, and symbols. Avoid dictionary words and other predictable choices, which fall quickly to brute-force and dictionary attacks.
- Password Loss: If the encryption password is lost, the database is effectively unrecoverable. FileMaker Inc. cannot retrieve lost passwords, so it’s critical to store them securely (e.g., in a fireproof safe or a secure password manager).
Keystores:
- FileMaker Server Keystore: FileMaker Server offers an optional secure keystore to store encryption passwords. This allows for automatic opening of encrypted databases without manually entering the password every time the server restarts.
- Secure by Machine: The keystore is encrypted with machine-specific data, meaning it cannot be copied and used on another machine to open the database.
- Managing Stored Passwords: The server administrator has full control over the keystore and can clear passwords for individual databases or for all databases at once. This ensures that sensitive passwords can be removed if necessary.
Password management is one of the most critical aspects of maintaining encryption security. A strong policy for managing, storing, and updating passwords will go a long way in protecting your data.
Handling Temporary Files, Backups, and Progressive Backups
One of the most common concerns about encryption is how it handles backup and temporary files, both of which can be points of vulnerability if left unencrypted.
Temporary Files:
- Temporary File Encryption: FileMaker creates temporary files during database operations, which could potentially expose sensitive data. When EAR is enabled, these temporary files are encrypted, ensuring that no sensitive information is written to the disk in plain text.
- Minimizing Data Leakage: Since temporary files are automatically encrypted, this minimizes the risk of data leakage in the event of a system compromise or unauthorized disk access.
Backups:
- Block-for-Block Backups: FileMaker Server backs up the database block for block, copying the already-encrypted blocks exactly as they are. Nothing is decrypted or re-encrypted along the way, so the encryption overhead is negligible and backups stay both fast and secure.
- Progressive Backups: Progressive backups, which only back up the changed blocks of a database, do introduce some encryption overhead, as each changed block must be re-encrypted. However, the overhead is minimal and typically does not affect overall performance.
Considerations for Backup Encryption:
- Ensure that your backup files are stored securely, ideally in encrypted off-site storage.
- Use FileMaker’s built-in backup scheduling tools to automate backups and ensure that encryption is consistently applied.
FileMaker’s robust handling of temporary files and backups ensures that data is protected at every stage—during live operation and in archived backups.
How Encryption Affects Performance
Encryption, while vital for security, does introduce a slight performance overhead. FileMaker has optimized its encryption system to minimize the impact, but understanding where performance hits occur can help developers and administrators manage expectations and optimize workflows.
Performance Considerations:
- Disk Read/Write Overhead: Every time FileMaker writes a 4KB block to disk, it encrypts the block using AES-256. Similarly, reading a block from disk requires decryption. While this adds a small amount of overhead, modern processors with AES-NI (hardware acceleration) handle these operations efficiently.
- SSL Overhead: SSL encryption between FileMaker Server and clients costs less than a 5% performance overhead. It protects data in transit and adds little slowdown because the cipher suites involved are efficient.
- Virtual Machine Considerations: When running FileMaker on a virtual machine (VM), be aware that not all hypervisors support AES-NI hardware acceleration. Check your hypervisor’s documentation to ensure encryption is optimized.
- Save as Compacted Copy: If you perform a “Save as Compacted Copy” operation on an encrypted database, the encryption process may take longer. This is because compacted files require each block to be “uncompacted” before encryption, significantly increasing processing time.
Mitigating Performance Impacts:
- Use Modern Hardware: Servers and workstations with AES-NI support will experience minimal performance impact from encryption. Invest in up-to-date hardware to optimize performance.
- Limit Resource-Intensive Tasks: For databases with heavy transactional loads, ensure that encryption is balanced with operational needs. Avoid unnecessary “Save as Compacted Copy” operations on encrypted files to prevent delays.
On most modern systems, FileMaker encryption introduces only a small slowdown, typically less than 10%, which is a reasonable tradeoff for the security benefits it provides.
Security Implications for Developers and Admins
Database encryption doesn’t just affect end users; it also changes the way developers and administrators need to approach the overall security architecture of their FileMaker solutions.
Considerations for Developers:
- Sensitive Data Management: Always identify which fields and tables contain sensitive information (e.g., financial data, personal identifiers). Ensure that these are prioritized for encryption.
- Field-Level Security: Encryption protects the file on disk, but it does not control what an authenticated user may see inside the solution. Use privilege sets to restrict access to sensitive fields, so that data is governed by access controls within the application as well as by encryption at rest.
Considerations for Admins:
- Password Policies: Admins must enforce strong password policies for both encryption passwords and user accounts. Regularly rotate passwords and avoid reusing passwords across multiple databases.
- Audit Logs: Use FileMaker’s audit logs to track who accesses sensitive data, and ensure that these logs are reviewed regularly. Any unauthorized access attempts should trigger an immediate investigation.
- Network Security: Ensure that SSL encryption is enabled for all network communications between clients and FileMaker Server. This prevents data from being intercepted during transmission.
By integrating encryption into every aspect of the development and administration workflow, you create a much more secure environment for your FileMaker solutions.
Best Practices for Using FileMaker Encryption
To get the most out of FileMaker’s encryption features, it’s important to follow industry best practices. These recommendations will help ensure that your encryption strategy is both secure and efficient.
Encryption Best Practices:
- Use Strong Encryption Passwords: Ensure that passwords are long, complex, and stored securely. Avoid using easy-to-guess passwords or reusing passwords from other systems.
- Enable SSL: Always enable SSL encryption for client-server communication to protect data in transit. SSL should be used alongside database encryption for comprehensive security.
- Leverage the Keystore: For FileMaker Server environments, use the optional keystore feature to manage encryption passwords. This simplifies the process of reopening encrypted databases and ensures that passwords are protected in a secure environment.
- Regular Backups: Automate encrypted backups to ensure that data remains secure even in off-site or remote storage environments.
- Rotate Encryption Keys: Regularly update encryption passwords to ensure long-term security. While rotating keys is more complex, it adds an additional layer of protection against potential vulnerabilities.
Implementing these best practices will help you secure your FileMaker databases against internal and external threats, while ensuring compliance with data protection regulations.
Conclusion
FileMaker’s Encryption at Rest (EAR) feature is a game-changer for organizations needing to protect sensitive data. By understanding the inner workings of AES-256 encryption, managing passwords securely, and optimizing for performance, you can ensure that your FileMaker databases are protected from unauthorized access. Combining encryption with other security measures, such as SSL and privilege sets, gives you a robust security architecture that protects data at every level.
Key Takeaways:
- AES-256 encryption protects all database content, backups, and temporary files.
- Password management is critical—use strong passwords and secure them in a keystore or safe environment.
- Performance impacts are minimal on modern hardware, but it’s important to consider encryption in resource-intensive operations.
By integrating these best practices, FileMaker developers and admins can ensure that their databases remain secure, compliant, and optimized for performance.
Source: "Security and Database Encryption", Jon Thatcher, FileMaker, Inc., FileMaker Konferenz 2014