Encrypting data stored in SQL server

  • Hi All,

    One of our customers, has asked us whether we could build a solution to encrypt the data stored in SQL servers we are hosting. Is there anybody who has experience with this kind of solutions? We are interested in all kind of encryption methods, 3rd party tools, ... you have been working with or you know about.

    Also please pointout the downside of using encryption

    Thanks in advance

     


    Helen
    --------------------------------
    Are you a born again. He is Jehova Jirah unto me

  • This was removed by the editor as SPAM

  • Helen -

    Sounds like time to upgrade to SQL Server 2005 which has encryption built in right out of the box

    Actually, sounds like a perfect reason to get started with 2005, you've got a client that wants one of the important new features and SQL 2005 just went RTM.  Start off small...

    Short of that I assume you're running 2000 which means that you'll have to look for a third party product.  There are a variety of solutions out there, picking your poison is largely a function of deciding what level of encryption you need and how it is to be applied and managed.  There are products that range from a series of extended stored procedures to external appliances/hardware that act as a broker between clients and the database.

    As far as things to be aware of regarding encryption in general:

    (1)  Encryption/Decryption is a very CPU intensive operation.

    (2)  Depending on the type of encryption/decryption you may have to make changes to applications/business processes - though many products claims to work out of the box with no application changes.  Depending on how the encryption/decryption takes place you may end up with queries that are no longer sargeable resulting in poor database performance.

    (2)  Encryption/Decryption is only as good as your key protection - just like user names/passwords, keys must be protected, you can encrypt all you want but if someone can get a hold of the keys.

    (3)  Make sure that your keys are protected from loss/destruction, if all of your data is encrypted and you manage to lose the key (e.g. your DBA has a bus event) you may find yourself with a bunch of data that is unusable/inaccessible.

    Joe

  • I will never encrypt the whole database rather i will encrypt the data which carries importance to business and have it implemented in business logic to encrypt and decrypt it on the fly.

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply