DB Encryption issues

By greg.rublev ·
Has anyone researched or deployed database encryption using MS SQL or Oracle? What were the biggest challenges during deployment and subsequent usage? What key management approach did you decide to employ?

Thanks,
Greg

Toolkits Vs software

by graeme.pyper In reply to DB Encryption issues

This is a very broad topic indeed! In most organisations data is in a number of different environments, which can be secured using the toolkits (SDKs) that are provided by the DB providers themselves, in your case MS SQL and Oracle. Toolkits themselves do not provide all the necessary functionality to address the complete range of data security issues, so it is important to plan sufficient resources to develop a comprehensive solution.
Missing/lacking toolkit functionality:
• Strong encryption key management. Toolkits provide the ability to create encryption keys, but generally provide inadequate solutions for securely managing them. In fact, this is the single most common weakness typically encountered in toolkit-based solutions. Where to store critical encryption keys and how to manage their recovery in the event of a disaster is left up to the creativity of the developer. Ironically, this is the single most important design decision that ultimately determines the security of the overall solution. The best lock in the world is not very effective if we scribble the combination on the wall.
• Auditing and reporting. Without a robust and secure audit log that tracks critical actions, it is impossible to certify that the system is truly doing its job, and very difficult to reconstruct a security event after the fact. The time and effort to implement a detailed audit function in the context of a toolkit solution is extensive. This is even more challenging when attempting to manage audit logs across several applications and platforms to truly identify systematic attacks.
• Cross platform support. Most toolkits are unique for a specific database, or are tied to a single application. As a result, they do not provide support for all the platforms a typical company uses. A truly comprehensive project will require development of multiple solutions in different toolkits, and greatly exacerbate the challenge and the cost.
• Clear definition of roles. In any security environment, the weakest element is when one individual has ultimate control and the ability to circumvent the system. When the solution is "home grown" the risk of this occurring rises because somebody knows how the whole system is put together. Good security is based on clear compartmentalization of roles and knowledge, and never on "trust" in a single individual.

I work for a company that provides exactly what you are looking at, in that we provide an enterprise-wide solution for securing data in files, DBs and backup. Key management is a fundamental element; however, through the use of a central management point this headache is reduced greatly. If you want to know more, feel free to get in touch.
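
Added example, not part of the original posts and not any vendor's code: a SQL Server (T-SQL) sketch of the native key hierarchy for column encryption, showing where the key storage, recovery and role decisions raised in the reply above have to be made. The database, table, column, key and role names, the passwords and the backup paths are all constructed placeholders, and `card_number` is assumed to be a `varchar` column.

```sql
-- Constructed names: SalesDemo, dbo.Customers, CardCert, CardKey, app_crypto_role.
USE SalesDemo;
GO
-- 1. Key hierarchy: database master key -> certificate -> symmetric data key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<dmk-password-placeholder>';
CREATE CERTIFICATE CardCert WITH SUBJECT = 'Protects CardKey';
CREATE SYMMETRIC KEY CardKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CardCert;
GO
-- 2. Recovery: export the master key and the certificate with its private key.
--    Where these files and their passwords are kept (off the database server,
--    under separate custody) is the decision the toolkit leaves to you.
BACKUP MASTER KEY TO FILE = 'X:\keybackup\SalesDemo_dmk.bak'
    ENCRYPTION BY PASSWORD = '<dmk-backup-password-placeholder>';
BACKUP CERTIFICATE CardCert TO FILE = 'X:\keybackup\CardCert.cer'
    WITH PRIVATE KEY (FILE = 'X:\keybackup\CardCert.pvk',
                      ENCRYPTION BY PASSWORD = '<pvk-password-placeholder>');
GO
-- 3. Roles: only members of app_crypto_role may open the data key.
--    Members of db_owner still hold CONTROL over these objects, so this
--    separates application roles from each other, not from the DBA.
CREATE ROLE app_crypto_role;
GRANT VIEW DEFINITION ON SYMMETRIC KEY::CardKey TO app_crypto_role;
GRANT CONTROL ON CERTIFICATE::CardCert TO app_crypto_role;
GO
-- 4. Use: encrypt the existing column into a new varbinary column, read it back.
ALTER TABLE dbo.Customers ADD card_number_enc varbinary(256) NULL;
GO
OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;
UPDATE dbo.Customers
   SET card_number_enc = ENCRYPTBYKEY(KEY_GUID('CardKey'), card_number);
SELECT CONVERT(varchar(19), DECRYPTBYKEY(card_number_enc)) AS card_number
  FROM dbo.Customers;
CLOSE SYMMETRIC KEY CardKey;
```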
