Extensible Key Management (EKM) and SQL Server 2008 TDE Encryption Recommendations

  • Hello All,

    I am sure this topic has come up before, and from my searching of previous material, I have gathered some great knowledge in this subject. I have been provided a task to research a budget friendly way to implement EKM (by HSM or possibly MS Certificate Store) and would like some advice from members that have been a part of the team to integrate or research this subject. Our requirements are quite simple:

    - Separation of Duties between the DBAs and Network Staff (Key Managers)

    - Central management of Encryption Keys/Certificate

    We are currently using TDE to encrypt our databases at rest with a single certificate used for all databases. I am aware we can generate a Database Encryption Key (DEK) for each database; however, the ability of the DBA staff to back up the certificate cert/p.key with any password they wish does not satisfy our requirements. With that said, here are some questions I would appreciate some insight on:

    1) Can we use MS Certificate Store to manage our certificates? i.e. Network team can generate a certificate through the store and provide this to the DBA staff on a request basis. I understand this would be a lot of manual labor to log use etc., but currently we only have one customer that requires such management practices. It is also a budget friendly option.

    2) Recommendation of an EKM/HSM solution. We have been doing our research on such solutions; however, if anyone has had experience with such tools, I would appreciate some insight and/or recommended product. Here are the ones we are reviewing:

    ARX’s Private Server (HSM) - http://www.arx.com/products/privateserver-hsm/

    Vormetric - http://www.vormetric.com/data-security-solutions/use-cases/MS-SQL

    Townsend’s Alliance Key Manager (HSM) - http://townsendsecurity.com/products/encryption-key-management

    Safenet Key Management Software - http://www.safenet-inc.com/data-encryption/enterprise-key-management/

    Thanks for your assistance!

    ~ N

  • Hi All,

    We are also stuck in the same situation where we are reviewing several products but preferring any open source tool. Does anybody have any suggestion or recommendation on which one to use for a TDE + EKM solution?

    Regards,

    Amit

  • Apologies for dredging up an old post, but did you come to a decision on this in the end following your evaluation work?

    I'm delving into third-party, EKM-integrated solutions myself for SQL Server TDE, with similar criteria/requirements as you had, so would be happy to hear your experiences and decisions in the end.

    Thanks 🙂

  • I will be looking at Vormetric vault.
