SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


FileStream Encryption


FileStream Encryption

Author
Message
gwellbrock
gwellbrock
SSC Eights!
SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)

Group: General Forum Members
Points: 943 Visits: 697
I am evaluating encryption methods for filestream as I am currently using TDE for non file data but filestream data is exposed. Using SQL 2012 enterprise in availability groups.

I have heard of Bitlocker or EFS and wondering if anyone has any positive or negative experiences with this?

Also third party vendor Vormetric has a solution that I have recently heard about but can't find any information on peoples experiences with it.

http://www.vormetric.com/data-security-solutions/use-cases/database-encryption
AlexSQLForums
AlexSQLForums
SSChampion
SSChampion (13K reputation)SSChampion (13K reputation)SSChampion (13K reputation)SSChampion (13K reputation)SSChampion (13K reputation)SSChampion (13K reputation)SSChampion (13K reputation)SSChampion (13K reputation)

Group: General Forum Members
Points: 13834 Visits: 3062
gwellbrock - Tuesday, January 20, 2015 8:38 AM
I am evaluating encryption methods for filestream as I am currently using TDE for non file data but filestream data is exposed. Using SQL 2012 enterprise in availability groups.I have heard of Bitlocker or EFS and wondering if anyone has any positive or negative experiences with this?Also third party vendor Vormetric has a solution that I have recently heard about but can't find any information on peoples experiences with it.http://www.vormetric.com/data-security-solutions/use-cases/database-encryption

Hi gwellbrock
I'm facing the same issue on our upcoming project and would like to know which method did you go with (bitlocker, 3rd party or EFS)

Thank you


Alex S
Steve Jones
Steve Jones
SSC Guru
SSC Guru (688K reputation)SSC Guru (688K reputation)SSC Guru (688K reputation)SSC Guru (688K reputation)SSC Guru (688K reputation)SSC Guru (688K reputation)SSC Guru (688K reputation)SSC Guru (688K reputation)

Group: Administrators
Points: 688752 Visits: 21594
FWIW: https://social.msdn.microsoft.com/Forums/en-US/fd5acaca-9911-4168-a82d-02a92c0d5a80/can-filestream-directory-containers-be-encrypted-with-efs?forum=sqlsecurity

I think EFS would work, or Bitlocker, but you should test

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
gwellbrock
gwellbrock
SSC Eights!
SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)

Group: General Forum Members
Points: 943 Visits: 697
I ended up not going this direction because of this and storing not in filestream. Now we post blob data to S3 instead.
Steve Jones
Steve Jones
SSC Guru
SSC Guru (688K reputation)SSC Guru (688K reputation)SSC Guru (688K reputation)SSC Guru (688K reputation)SSC Guru (688K reputation)SSC Guru (688K reputation)SSC Guru (688K reputation)SSC Guru (688K reputation)

Group: Administrators
Points: 688752 Visits: 21594
And link in the database with a string URL? Is there any concern about synchronization?

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
gwellbrock
gwellbrock
SSC Eights!
SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)

Group: General Forum Members
Points: 943 Visits: 697
Our PDF storage MicroService actually lives in AWS and the link stored on Aurora now but I see where your concern would be if it wasn't.
Steve Jones
Steve Jones
SSC Guru
SSC Guru (688K reputation)SSC Guru (688K reputation)SSC Guru (688K reputation)SSC Guru (688K reputation)SSC Guru (688K reputation)SSC Guru (688K reputation)SSC Guru (688K reputation)SSC Guru (688K reputation)

Group: Administrators
Points: 688752 Visits: 21594
Interesting and thanks for the note. Glad things are working for you.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
AlexSQLForums
AlexSQLForums
SSChampion
SSChampion (13K reputation)SSChampion (13K reputation)SSChampion (13K reputation)SSChampion (13K reputation)SSChampion (13K reputation)SSChampion (13K reputation)SSChampion (13K reputation)SSChampion (13K reputation)

Group: General Forum Members
Points: 13834 Visits: 3062
Steve Jones - SSC Editor - Tuesday, May 8, 2018 8:59 AM
Interesting and thanks for the note. Glad things are working for you.

Thanks Guys
Bitlocker will not work for my case due to it's encryption on the drive level.
I'm going to configure EFS on FileStream folders based on this article https://mizitechinfo.wordpress.com/2014/07/29/step-by-step-encrypting-user-data-with-efs-in-windows-server-2012-r2/
and see how it goes.
I setup a SAN share on which FileStream is stored and will encrypt it with EFS (Windows Server 2012 R2)
I'll post my results in a few days.


Alex S
gwellbrock
gwellbrock
SSC Eights!
SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)

Group: General Forum Members
Points: 943 Visits: 697
I'm still curious about your results thanks. Ultimately I think all that does is check a box for compliance cause someone I think can still copy those files from the directory or hash edit them or does EFS stop hash editing? Good luck!
gwellbrock
gwellbrock
SSC Eights!
SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)SSC Eights! (943 reputation)

Group: General Forum Members
Points: 943 Visits: 697
Disregard looks like EFS may stop hash editing!
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum









































































































































































SQLServerCentral


Search