July 28, 2011 at 12:15 pm
Data Encryption: Has anyone used SafeNet's DataSecure/ProtectDB?
It looks like this has been purchased and mandated by our parent company. Just wondering if anyone has looked at it or used it. Apparently it makes copies of any table containing what you configure as "personally identifying fields". Then it creates a view with the same name as the original table so existing code works. Triggers are used, and update, insert and delete statements get modified "on the fly" to update the new tables.
One of my many concerns beyond disk space increases and general "overhead" is how long the initial encryption might take on a 1 terabyte database that will have major growth over the next six months.
August 3, 2011 at 5:54 am
Another concern is if your application sends queries to SQL Server that include "LIKE" or range searches. This Safenet product, actually called ProtectDB, has to decrypt every row if the column you're searching on is encrypted -- e.g. borrower name or loan account number. A workaround is to create a new column with a "hash" of the first few characters of the field in question. Not sure what was meant by "hash".
August 4, 2011 at 1:04 pm
@Indianrock - we used Safenet at my old workplace and, as you may have noticed, it is cumbersome to manage the encrypted data. In fact we even used it on an old server on SQL 2000 Std Edn on Windows 2000, all 32 bit, and it took a long time to encrypt\decrypt data, and besides we had to rotate the keys every 3-6 months, which was also a painful process. We had selected the product because it works on multiple platforms (SQL Server, Oracle etc.) and was cost efficient. On the SQL Server side it did improve a little once Safenet supported 64 bit, though the databases were not very large - the largest table was 2 million rows and the database was less than 100 GB. The Oracle databases were quite large, though the performance seemed a little better, though it was always a challenge to upgrade all the database servers when the vendor rolled out a new version. The technical support is not really up to the mark, and besides the Tech Support Manager there are only 1-2 people who are technically savvy with the product.
August 4, 2011 at 1:09 pm
We're at 40 million records and about 1TB with major growth coming over the next 12 months. SQL 2005 Enterprise 64-bit on Windows Server 2008R2 64-bit with 128GB memory and shared storage on Netapp Filer.
August 4, 2011 at 1:25 pm
It is hard to say how long it will take as there are quite a few dependencies (hardware, network traffic etc...) and the best would be to try it out on a test server. Presuming that encrypt\decrypt operation on the tables will be performed during off hours the test will give a fairly good estimate on time. As far as the application search functions are concerned, I am curious why would one query with 'LIKE' clause on encrypted data, you may want to check with your IT Security team (if there is one) on that.
August 4, 2011 at 1:52 pm
If you have an "account" number and other fields where the GUI allows the user to search with LIKE (contains...), and you have to encrypt that account number or other field, then things are going to be slow unless you figure out how to do the "new field with hash of base field" thing. Safenet says in Oracle they have what are called Domain Indexes, but we're trying to figure out how to not destroy performance on SQL Server.
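The "new field with hash of base field" workaround from the posts above, sketched as an added example that is not part of the thread and not SafeNet's implementation: a keyed hash of the first few characters is stored in an indexed side column, so a prefix search decrypts only the rows whose tag matches. Assumptions: HMAC-SHA256 stands in for the unspecified "hash", the `borrower` table, column names, key and `PREFIX_LEN` are hypothetical, SQLite stands in for SQL Server, and base64 is a placeholder for the product's encrypt/decrypt calls.

```python
import hashlib
import hmac
import sqlite3
from base64 import b64decode, b64encode

PREFIX_LEN = 4                        # assumed length of "first few characters"
INDEX_KEY = b"constructed-demo-key"   # assumed: a key separate from the data key

def prefix_tag(value):
    """Keyed hash of the normalized first PREFIX_LEN characters."""
    norm = value.strip().upper()[:PREFIX_LEN]
    mac = hmac.new(INDEX_KEY, norm.encode(), hashlib.sha256)
    return mac.hexdigest()[:16]       # truncated; false hits are filtered later

# Stand-ins for the encryption product's calls (base64 is NOT encryption).
def encrypt(plaintext):
    return b64encode(plaintext.encode()).decode()

def decrypt(ciphertext):
    return b64decode(ciphertext).decode()

def build(names):
    """Create the hypothetical table with ciphertext plus an indexed tag."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE borrower (id INTEGER PRIMARY KEY,"
               " name_enc TEXT, name_tag TEXT)")
    db.execute("CREATE INDEX ix_borrower_tag ON borrower (name_tag)")
    db.executemany("INSERT INTO borrower (name_enc, name_tag) VALUES (?, ?)",
                   [(encrypt(n), prefix_tag(n)) for n in names])
    return db

def search_prefix(db, term):
    """Answer name LIKE 'term%'; returns (matches, rows_decrypted)."""
    term = term.strip().upper()
    if len(term) < PREFIX_LEN:
        raise ValueError("term shorter than the indexed prefix")
    rows = db.execute("SELECT name_enc FROM borrower WHERE name_tag = ?"
                      " ORDER BY id", (prefix_tag(term),)).fetchall()
    plain = [decrypt(r[0]) for r in rows]   # only candidate rows are decrypted
    hits = [p for p in plain if p.strip().upper().startswith(term)]
    return hits, len(plain)

# Constructed sample data.
NAMES = ["Johnson, Mary", "Johnston, Alan", "Johansson, Eva", "Smith, Bo", "Li"]

if __name__ == "__main__":
    db = build(NAMES)
    print(search_prefix(db, "johns"))    # two candidates decrypted, two hits
    print(search_prefix(db, "Johnso"))   # two candidates decrypted, one hit
```

A tag column of this kind only serves "starts with" searches, not "contains", and rows that share a prefix share a tag, so the column reveals which records begin the same way to anyone who can read it.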
August 4, 2011 at 1:59 pm
I hope that you are able to find a solution soon; Safenet does seem to be more Oracle pro. As I mentioned, the SQL Server applications we supported were not very robust so there weren't any major concerns on the application side. Good Luck!