
Encrypt Everything

By Steve Jones

Security is a problem with so many of our applications and systems. There are numerous ways that we handle access and protection of data, often with access rights or encryption (or both) being applied to data in order to limit who can access the data. However, neither of these systems is perfect, for a variety of reasons, and no matter how we configure our security, it seems there are always issues.

Yahoo announced recently that they are trying to improve their security by encrypting all data that moves between their data centers. Other large internet companies do this, though not all. However, this doesn't necessarily mean that your data is much more secure than it was before. This should make it more difficult to access data while it is transiting networks outside of Yahoo's control, but there are still potential issues. Just as with TDE, any legitimate user inside a data center that has access to the LAN or systems inside the data center can still potentially read the data.

I'm not picking on Yahoo here, as the same issues might exist with Microsoft, Google, or any service provider that encrypts data between its facilities. This system also suffers from the potential compromise of the keys used to encrypt traffic if any employee were to sell, disclose, or lose a copy of them on a laptop.

However, this is a good start, and it does mean that the NSA or any other organization that looks to read data in transit must work harder to access your data if it's encrypted. I think it's such a good idea that we ought to start encrypting all traffic by default. LAN, WAN, whatever. We've had tremendous advances in hardware and I'd argue that most of us have more powerful hardware than we need. If we decided to take the hit to encrypt all traffic now, we'd become used to the overhead and we'd have better security overall.

I'd love to encrypt all data on disk, but I know people get nervous about losing data. A good start, however, would be to ensure all data in transit is protected.
