May 6, 2013 at 9:35 am
We have enabled TDE on all databases that contain PII data for SOX2 compliance. However, how do we do this for the SSAS cube? We can clearly see that data is not encrypted in the files for the cube. Has anyone had to do this? There is very little information out there. For those of you who do not know... We do not need the data encrypted during transfer. This is simply if someone copied or stole the files, could they restore them or view them after the fact.
Jared
CE - Microsoft
May 7, 2013 at 5:46 am
I know SSAS does not support encryption; I am sure you could you encrypt on the os file side, but that would likely cause issues during processing with performance. I am curious what others have come up with.
May 7, 2013 at 6:35 am
My current thought is that this information should not be in the cube. If it is, they are not utilizing the cube properly; i.e. addresses, IMHO, have no place in a cube as this is raw data. Any PII is raw data and should not be in a cube (at least in our case). If the user needs to drill down, this should be ROLAP to get row level information as opposed to aggregates.
Jared
CE - Microsoft
May 7, 2013 at 8:11 am
I was wondering also about the PII at the cube aggregation level... however, in my organization they seem to want, at times, that level of detail in the cubes too!
May 7, 2013 at 8:24 am
Scott Murray-240410 (5/7/2013)
I was wondering also about the PII at the cube aggregation level... however, in my organization they seem to want, at times, that level of detail in the cubes too!
I am going to go and make the case that that level of detail within a cube defeats the purpose of a cube. At that point, it is not MDA, it is one dimensional.
Jared
CE - Microsoft
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply