Encryption in Production


JChrisCompton
At the moment all of our encrypted stuff is encrypted before it is passed to the database.
(C# Framework 4.0 if you care) This means I mostly don't have to answer questions about packet sniffing and other network related weirdness.

But note that we currently don't have an offering for sensitive data (HIPAA, etc.); the closest we come is PII (no SSNs), which is honestly either available through other channels already or subject to FOIA.

There is already a group here that handles payment cards and they are on certified systems with two-factor authentication, etc.

HTH,
-Chris C.

Edit: SSN == social security numbers, FOIA == freedom of information act
Steve Jones
Richard Sisk (2/10/2012)


It works quite well, we have key change procedures that are used to regularly update the keys. If a backup is stolen, it's no good unless they also know to steal the key backups which are stored protected on another device. It has passed several PA-DSS audits.



How often do you change keys and how big a deal is it? Performance issues? Resources in use? blocking?

Ivanova
I have implemented TDE for one 3rd party application where the vendor was unable to make their app work when we asked them to encrypt the sensitive data within the application. I view TDE as very much 'better than nothing' but far from ideal, as anyone with database access (i.e. the DBAs) can read the data, and IMO encryption of sensitive data should always be done within the application, so that it can't be accessed other than through the application.
I'm asked from time to time about using TDE, and my answer to that is the same as when I'm asked about encrypting data to meet PCI DSS requirements - it is better by far to get the application developer or vendor to do this than to rely on the DBMS. Ultimately I believe application vendors who don't include encryption of sensitive data to meet legal requirements in their products will find themselves at a severe competitive disadvantage.
rebecca.amos
There's a useful thread here with advice on 3rd-party tools that can be used for backup management and encryption: http://www.sqlservercentral.com/Forums/Topic367948-357-1.aspx
sturner
Steve Jones - SSC Editor (2/10/2012)
Richard Sisk (2/10/2012)


It works quite well, we have key change procedures that are used to regularly update the keys. If a backup is stolen, it's no good unless they also know to steal the key backups which are stored protected on another device. It has passed several PA-DSS audits.



How often do you change keys and how big a deal is it? Performance issues? Resources in use? blocking?


This is an excellent question, because if the data set is very large it may not be practical to re-encrypt data en masse when new keys are generated. Having to pull data outside of SQL Server and re-encrypt it and write it back is a slow way to do it unless you have a change key mechanism that does it slowly over time.

I prefer to use a hybrid system where I have a CLR version of the encrypt and decrypt methods on the server so I can process data in sets very fast. Only admin has execute on these methods and the keys come from a separate location.

The probability of survival is inversely proportional to the angle of arrival.
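
The "change key mechanism that does it slowly over time" from the post above, sketched as an added example that is not code from any poster in this thread. It swaps the CLR methods the post describes for SQL Server's built-in symmetric keys, and assumes a scratch database with no master key yet; every object name and the password are constructed.

```sql
-- Added example; every object name and the password below are constructed placeholders.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-Strong-Passw0rd!>';
CREATE CERTIFICATE CardCert WITH SUBJECT = 'Protects column keys (demo)';
CREATE SYMMETRIC KEY CardKey_v1 WITH ALGORITHM = AES_256 ENCRYPTION BY CERTIFICATE CardCert;
CREATE SYMMETRIC KEY CardKey_v2 WITH ALGORITHM = AES_256 ENCRYPTION BY CERTIFICATE CardCert;

CREATE TABLE dbo.Payment (
    PaymentId  int IDENTITY PRIMARY KEY,
    CardData   varbinary(256) NOT NULL,  -- NOT NULL makes a failed decrypt abort the batch
    KeyVersion tinyint NOT NULL          -- which key generation encrypted this row
);
CREATE INDEX IX_Payment_KeyVersion ON dbo.Payment (KeyVersion);

OPEN SYMMETRIC KEY CardKey_v1 DECRYPTION BY CERTIFICATE CardCert;
OPEN SYMMETRIC KEY CardKey_v2 DECRYPTION BY CERTIFICATE CardCert;

-- Constructed sample rows, encrypted under the old key.
INSERT dbo.Payment (CardData, KeyVersion)
SELECT ENCRYPTBYKEY(KEY_GUID('CardKey_v1'), v.Plain), 1
FROM (VALUES ('4111-0000-0000-0001'), ('4111-0000-0000-0002'),
             ('4111-0000-0000-0003')) AS v(Plain);

-- Re-key in small batches. Each UPDATE commits on its own, so locks are held only
-- for one batch; the pause lets other sessions in. Safe to stop and resume.
DECLARE @batch int = 2, @rows int = 1;
WHILE @rows > 0
BEGIN
    UPDATE TOP (@batch) dbo.Payment
    SET CardData   = ENCRYPTBYKEY(KEY_GUID('CardKey_v2'), DECRYPTBYKEY(CardData)),
        KeyVersion = 2
    WHERE KeyVersion = 1;
    SET @rows = @@ROWCOUNT;
    IF @rows > 0 WAITFOR DELAY '00:00:01';
END;

-- Progress check and round-trip check: all rows at version 2 and still readable.
SELECT KeyVersion, COUNT(*) AS RowsAtVersion FROM dbo.Payment GROUP BY KeyVersion;
SELECT PaymentId, CONVERT(varchar(32), DECRYPTBYKEY(CardData)) AS Plain FROM dbo.Payment;

CLOSE SYMMETRIC KEY CardKey_v1;
CLOSE SYMMETRIC KEY CardKey_v2;
-- Retire CardKey_v1 only once no rows remain at version 1; older backups still need it.
```

Tune the batch size and delay against the blocking and log growth seen on the real workload; the `KeyVersion` column is what lets reads keep working while old and new rows coexist.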