January 20, 2015 at 8:38 am
I am evaluating encryption methods for filestream as I am currently using TDE for non file data but filestream data is exposed. Using SQL 2012 enterprise in availability groups.
I have heard of Bitlocker or EFS and wondering if anyone has any positive or negative experiences with this?
Also third party vendor Vormetric has a solution that I have recently heard about but can't find any information on peoples experiences with it.
http://www.vormetric.com/data-security-solutions/use-cases/database-encryption
April 30, 2018 at 11:46 am
gwellbrock - Tuesday, January 20, 2015 8:38 AMI am evaluating encryption methods for filestream as I am currently using TDE for non file data but filestream data is exposed. Using SQL 2012 enterprise in availability groups.I have heard of Bitlocker or EFS and wondering if anyone has any positive or negative experiences with this?Also third party vendor Vormetric has a solution that I have recently heard about but can't find any information on peoples experiences with it.http://www.vormetric.com/data-security-solutions/use-cases/database-encryption
Hi gwellbrock
I'm facing the same issue on our upcoming project and would like to know which method did you go with (bitlocker, 3rd party or EFS)
Thank you
May 7, 2018 at 10:27 pm
I think EFS would work, or Bitlocker, but you should test
May 8, 2018 at 7:18 am
I ended up not going this direction because of this and storing not in filestream. Now we post blob data to S3 instead.
May 8, 2018 at 8:11 am
And link in the database with a string URL? Is there any concern about synchronization?
May 8, 2018 at 8:55 am
Our PDF storage MicroService actually lives in AWS and the link stored on Aurora now but I see where your concern would be if it wasn't.
May 8, 2018 at 8:59 am
Interesting and thanks for the note. Glad things are working for you.
May 9, 2018 at 9:24 am
Steve Jones - SSC Editor - Tuesday, May 8, 2018 8:59 AMInteresting and thanks for the note. Glad things are working for you.
Thanks Guys
Bitlocker will not work for my case due to it's encryption on the drive level.
I'm going to configure EFS on FileStream folders based on this article https://mizitechinfo.wordpress.com/2014/07/29/step-by-step-encrypting-user-data-with-efs-in-windows-server-2012-r2/
and see how it goes.
I setup a SAN share on which FileStream is stored and will encrypt it with EFS (Windows Server 2012 R2)
I'll post my results in a few days.
May 9, 2018 at 9:34 am
I'm still curious about your results thanks. Ultimately I think all that does is check a box for compliance cause someone I think can still copy those files from the directory or hash edit them or does EFS stop hash editing? Good luck!
May 9, 2018 at 9:36 am
Disregard looks like EFS may stop hash editing!
May 17, 2018 at 2:08 pm
AlexSQLForums - Wednesday, May 9, 2018 9:24 AMSteve Jones - SSC Editor - Tuesday, May 8, 2018 8:59 AMInteresting and thanks for the note. Glad things are working for you.Thanks Guys
Bitlocker will not work for my case due to it's encryption on the drive level.
I'm going to configure EFS on FileStream folders based on this article https://mizitechinfo.wordpress.com/2014/07/29/step-by-step-encrypting-user-data-with-efs-in-windows-server-2012-r2/
and see how it goes.
I setup a SAN share on which FileStream is stored and will encrypt it with EFS (Windows Server 2012 R2)
I'll post my results in a few days.
So here is my setup.
1. Use a domain controller to setup Active Directory Certificate Services. followed this video https://www.youtube.com/watch?v=owkfin2RFDM
2. In SQL Server encrypt the folder in which FileStream data is located. folder color changes to green
At first i encrypted the FS share but after backup/restore ecnryption gets erased so then i encrypted the parent folder.
3. Test with uathorized user was successful.
4. Tested file stream operations within the app successfully.
So far it's working great and SQL Server seems to be working along with EFS.
Thank you
December 14, 2019 at 2:13 pm
I don't know whether you are willing to consider a third party solution, however Encryptionizer for SQL Server (https://netlibsecurity.com/products/sql-server-encryption/) supports FileStream encryption and works with all versions and editions of SQL Server from Express to Enterprise. (Disclaimer: I am with NetLib Security).
Viewing 12 posts - 1 through 11 (of 11 total)
You must be logged in to reply to this topic. Login to reply