Secure SQL Server backups

Question

Post reply

Secure SQL Server backups

bsdtux

Mr or Mrs. 500

Points: 522
More actions
October 7, 2011 at 7:01 am

#390568

Hi Forum, I am hoping someone can help me out. We are needing to ship a copy of a database to the vendor, however it contains financial data. So what would be my best option for making sure that the backup is secure. This will be transported on a 500 gb external hard drive.

Viewing 12 posts - 1 through 11 (of 11 total)

You must be logged in to reply to this topic. Login to reply

Ninja's_RGR'us SSC Guru Points: 294069 More actions · Answer 1

Personally I'd just rather give them access to a test server and restore the latest copy of prod.

Any reason you can't go that route?

If that's not an option I'd try to find a drive that encrypts the data very well and then set a very strong password. Something as insane as this =>

*NQkLxQ&$eDxMs$1l8QoDHRHZdUb$bk!GYPS5@nw^1COe@PBLNA9mXX@#5Wz4DWJ

No way to crack that easily even if you have the drive available for months.

1 last thing. Make sure you test the drive so that the restore works. Nothing worse than having to restart that process.

bsdtux Mr or Mrs. 500 Points: 522 More actions · Answer 2

Thanks for the Advice. I will certainly do a test from that drive. As for them trying on test I am not really sure. I was given this task by the CIO and when I asked about them using our test environment I got brushed off. So instead of arguing I just chose to follow orders even though I didn't agree with it.

But luckily the drive they sent me has AES 256 Bit encryption so I feel a little better.

Ninja's_RGR'us SSC Guru Points: 294069 More actions · Answer 3

bsdtux (10/7/2011)
Thanks for the Advice. I will certainly do a test from that drive. As for them trying on test I am not really sure. I was given this task by the CIO and when I asked about them using our test environment I got brushed off. So instead of arguing I just chose to follow orders even though I didn't agree with it.
But luckily the drive they sent me has AES 256 Bit encryption so I feel a little better.

That was my next point. Make sure your boss understands the risks and signs off on it (ideally via e-mail, which I'd promptly make 3-4 copies off!).

The bottom line is that as soon as the data leave the building you lose control over it. And there's nothing you can do besides suing the vendor.

Steve Jones - SSC Editor SSC Guru Points: 736212 More actions · Answer 4

Send the encryption password separately from the drive. If the drive is lost, the key to get in shouldn't be in there.

bsdtux Mr or Mrs. 500 Points: 522 More actions · Answer 5

Yeah we have encrypted email so I figured I would send and email after I ship out the drive. I work in a Hospital and after reading about someone loosing 4.9 million patient records, we have really stepped up the security practices around here.

cindyaz Ten Centuries Points: 1229 More actions · Answer 6

do the vendor needs to access the financial data? if not, you can scramble key columns in the database(customer details, account numbers etc), then take a backup and send to them.

Ignacio A. Salom Rangel SSC-Insane Points: 20443 More actions · Answer 7

Ninja's_RGR'us (10/7/2011)
Personally I'd just rather give them access to a test server and restore the latest copy of prod.
Any reason you can't go that route?
If that's not an option I'd try to find a drive that encrypts the data very well and then set a very strong password. Something as insane as this =>
*NQkLxQ&$eDxMs$1l8QoDHRHZdUb$bk!GYPS5@nw^1COe@PBLNA9mXX@#5Wz4DWJ
No way to crack that easily even if you have the drive available for months.
1 last thing. Make sure you test the drive so that the restore works. Nothing worse than having to restart that process.

Ninja I have a question regarding your advice. By restoring production data on your test environment, wouldn't you need to buy a license for your test server? As far as I can remember Microsoft asks for a license on Servers with production data.

My blog

Ninja's_RGR'us SSC Guru Points: 294069 More actions · Answer 8

Ignacio A. Salom Rangel (10/9/2011)
Ninja's_RGR'us (10/7/2011)
Personally I'd just rather give them access to a test server and restore the latest copy of prod.
Any reason you can't go that route?
If that's not an option I'd try to find a drive that encrypts the data very well and then set a very strong password. Something as insane as this =>
*NQkLxQ&$eDxMs$1l8QoDHRHZdUb$bk!GYPS5@nw^1COe@PBLNA9mXX@#5Wz4DWJ
No way to crack that easily even if you have the drive available for months.
1 last thing. Make sure you test the drive so that the restore works. Nothing worse than having to restart that process.
Ninja I have a question regarding your advice. By restoring production data on your test environment, wouldn't you need to buy a license for your test server? As far as I can remember Microsoft asks for a license on Servers with production data.

I'll preface this by talk to your own MS representative because I'm certainly no expert here.

Dev machine are fine with dev licenses.

Test, QA could be under the same model UNTILL you start sending users to do QA testing. At that point you need to buy the cals.

AFAIK, the data itself makes no difference, it's based on who connects to the server.

bsdtux Mr or Mrs. 500 Points: 522 More actions · Answer 9

I think that depends. If your test environment is stictly for development then I think you can use the developer edition. However if it is used for testing, QA, then as you said it will need to be licensed accordingly.

If I can find where I read that I will post it here.

Ninja's_RGR'us SSC Guru Points: 294069 More actions · Answer 10

bsdtux (10/10/2011)
I think that depends. If your test environment is stictly for development then I think you can use the developer edition. However if it is used for testing, QA, then as you said it will need to be licensed accordingly.
If I can find where I read that I will post it here.

It only comes down to labels. I've had setups where I had dev locally, also on test, but then we also had a QA where actual users would login. The first 2 would be dev licenses and the last one SHOULD have been cals but the network admin couldn't bothered with that :crazy:.

Prod was also badly licensed. I just had a blanket answer that it was what their rep had said. Even if I proved him wrong with the offcial ms documentation.

I don't mind an honest mistake... but blindly ignoring it is another issue!

Ignacio A. Salom Rangel SSC-Insane Points: 20443 More actions · Answer 11

Ninja's_RGR'us (10/10/2011)
Ignacio A. Salom Rangel (10/9/2011)
Ninja's_RGR'us (10/7/2011)
Personally I'd just rather give them access to a test server and restore the latest copy of prod.
Any reason you can't go that route?
If that's not an option I'd try to find a drive that encrypts the data very well and then set a very strong password. Something as insane as this =>
*NQkLxQ&$eDxMs$1l8QoDHRHZdUb$bk!GYPS5@nw^1COe@PBLNA9mXX@#5Wz4DWJ
No way to crack that easily even if you have the drive available for months.
1 last thing. Make sure you test the drive so that the restore works. Nothing worse than having to restart that process.
Ninja I have a question regarding your advice. By restoring production data on your test environment, wouldn't you need to buy a license for your test server? As far as I can remember Microsoft asks for a license on Servers with production data.
I'll preface this by talk to your own MS representative because I'm certainly no expert here.
Dev machine are fine with dev licenses.
Test, QA could be under the same model UNTILL you start sending users to do QA testing. At that point you need to buy the cals.
AFAIK, the data itself makes no difference, it's based on who connects to the server.

Thanks for your reply! 🙂

My blog