Data encryption (column level)

  • I'm currently involved in a project to evaluate data encryption software (column level) for our SQL 2000 platform (all levels, cluster). I would like to hear if any of you have any experience on this topic. Any recommendations, things to look out for, problems encountered...

    Currently the Microsoft website lists 4 products:

    XP_Crypt

    NetLib Encryptionizer

    Protegrity

    DBEncrypt

    If any of you use any of the above, can you share your opinions and thoughts?

     

    Thank you in advance.

  • Is this something you want for a program you are developing?  Or is it something you want for the SQL Server backend (i.e. something to be able to run in T-SQL)?

    For encrypting sensitive data in our DB, I simply wrote a .NET Cryptography Lib with two Methods... Encrypt / Decrypt.  There is plenty of FREE source code out there for developing encryption.  I used NVarChar Data Types (the Length of which depends upon how much data you'll be encrypting).

    I haven't had any experience with the products you've listed, but I think I'll look into them.

  • Haven't used them, but Protegrity was at PASS and it was a pretty good looking system. A little $$$ for me, but it seemed to be set up right, key escrow was there, etc. Doing your own will work, but the key management is hard. That's the undoing of most systems, so be sure you can change keys as well as keep them secure.

  • First of all, thank you for all your input. I also heard some of the vendor packages were a hog when installed. Has anyone experienced this problem?

     

  • My company uses xp_crypt for encrypting credit card numbers. The package has performed well for us and is not expensive. Support is by e-mail but is prompt.

    Xp_crypt's performance is good, but will vary according to the encryption algorithms you choose. For example, public key algorithms intrinsically require a lot more computational steps than private key algorithms, so they use more CPU.

    Sometimes the hardest part of using encryption is figuring out where you will keep the keys and who will have access to them. In other words, there is not much benefit to encrypting data if the key to that data is sitting around unprotected in a readily-accessible disk file. Xp_crypt provides some support for this. If you have severe requirements for key security you can look at the hardware encryption devices (sold by Rainbow Technologies and others) which do on-board key storage and encryption.
