Encryption in Production
Posted Friday, February 10, 2012 9:59 AM


At the moment all of our encrypted stuff is encrypted before it is passed to the database. (C# Framework 4.0 if you care.) This means I mostly don't have to answer questions about packet sniffing and other network related weirdness.

But note that we currently don't have an offering for sensitive data (HIPAA, etc.); the closest we come is PII (no SSNs), which is honestly either available through other channels already or subject to FOIA.

There is already a group here that handles payment cards, and they are on certified systems with two-factor authentication, etc.

HTH,
-Chris C.

Edit: SSN == social security numbers, FOIA == freedom of information act
Post #1250432
Posted Friday, February 10, 2012 12:14 PM


Richard Sisk (2/10/2012)


It works quite well, we have key change procedures that are used to regularly update the keys. If a backup is stolen, it's no good unless they also know to steal the key backups which are stored protected on another device. It has passed several PA-DSS audits.



How often do you change keys and how big a deal is it? Performance issues? Resources in use? Blocking?







Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #1250503
Posted Sunday, February 12, 2012 12:50 PM
I have implemented TDE for one 3rd party application where the vendor was unable to make their app work when we asked them to encrypt the sensitive data within the application. I view TDE as very much 'better than nothing' but far from ideal, as anyone with database access (i.e. the DBAs) can read the data, and IMO encryption of sensitive data should always be done within the application, so that it can't be accessed other than through the application.
I'm asked from time to time about using TDE, and my answer to that is the same as when I'm asked about encrypting data to meet PCI DSS requirements - it is better by far to get the application developer or vendor to do this than to rely on the DBMS. Ultimately I believe application vendors who don't include encryption of sensitive data to meet legal requirements in their products will find themselves at a severe competitive disadvantage.
Post #1250939
Posted Thursday, February 16, 2012 3:41 AM
There's a useful thread here with advice on 3rd-party tools that can be used for backup management and encryption: http://www.sqlservercentral.com/Forums/Topic367948-357-1.aspx
Post #1252984
Posted Thursday, February 16, 2012 11:01 AM


Steve Jones - SSC Editor (2/10/2012)
Richard Sisk (2/10/2012)


It works quite well, we have key change procedures that are used to regularly update the keys. If a backup is stolen, it's no good unless they also know to steal the key backups which are stored protected on another device. It has passed several PA-DSS audits.



How often do you change keys and how big a deal is it? Performance issues? Resources in use? blocking?


This is an excellent question, because if the data set is very large it may not be practical to re-encrypt data en masse when new keys are generated. Having to pull data outside of SQL Server and re-encrypt it and write it back is a slow way to do it unless you have a change key mechanism that does it slowly over time.

I prefer to use a hybrid system where I have a CLR version of the encrypt and decrypt methods on the server so I can process data in sets very fast. Only admin has execute on these methods and the keys come from a separate location.




The probability of survival is inversely proportional to the angle of arrival.
Post #1253328
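
The key change "slowly over time" discussed in the post above, as an added example that is not code from anyone in this thread. It uses SQL Server's built-in symmetric keys in place of the poster's CLR methods, and the table, column, key and certificate names are hypothetical.

```sql
-- Added example: hypothetical schema and key names, not from the thread.
-- Assumes dbo.Customer(CustomerId int PRIMARY KEY, CardData varbinary(256),
-- KeyVersion tinyint) and two symmetric keys protected by one certificate.
OPEN SYMMETRIC KEY DataKey_v1 DECRYPTION BY CERTIFICATE DataKeyCert;
OPEN SYMMETRIC KEY DataKey_v2 DECRYPTION BY CERTIFICATE DataKeyCert;

DECLARE @batch int = 5000, @rows int = 1;

WHILE @rows > 0
BEGIN
    -- Each UPDATE is its own short transaction, so locks are held for one
    -- batch only instead of for the whole rotation.
    UPDATE TOP (@batch) dbo.Customer
    SET    CardData   = ENCRYPTBYKEY(KEY_GUID('DataKey_v2'),
                                     DECRYPTBYKEY(CardData)),
           KeyVersion = 2
    WHERE  KeyVersion = 1
      AND  DECRYPTBYKEY(CardData) IS NOT NULL;  -- skip rows that fail to decrypt
                                                -- so they are never overwritten
                                                -- with NULL

    SET @rows = @@ROWCOUNT;
    WAITFOR DELAY '00:00:01';                   -- throttle between batches
END;

-- Rows still on version 1 could not be decrypted with the open keys and
-- need investigation before the old key is retired.
SELECT COUNT(*) AS RowsStillOnOldKey
FROM   dbo.Customer
WHERE  KeyVersion = 1;

CLOSE SYMMETRIC KEY DataKey_v1;
CLOSE SYMMETRIC KEY DataKey_v2;
```

The KeyVersion column lets readers pick the right key while both versions coexist, and the old key should be dropped only once the final count is zero.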