What threat are you actually trying to protect against? The application will 
need to access the data in cleartext (since you are not using in-field 
encryption of data). So, the only threat that I can see you mitigating is theft 
of the server, or theft of the disks in the server. You could just use 
BitLocker to handle that.

Cheers
Ken

From: Cameron Cooper [mailto:[email protected]]
Sent: Saturday, 10 July 2010 1:21 AM
To: NT System Admin Issues
Subject: RE: Database Encryption

We have two databases that we would be moving to SQL 2008. We would need to 
purchase the per processor license due to clients nationwide accessing our 
system (i.e., checking reports).

We are a pre-employment background screening company that is trying to get 
accredited through the NAPBS, and from what I understand in order to become 
accredited we need to have the entire database encrypted.

_____________________________
Cameron Cooper
Network Administrator | CompTIA A+ Certified
Aurico Reports, Inc
Phone: 847-890-4021 | Fax: 847-255-1896
[email protected] | www.aurico.com

From: Ziots, Edward [mailto:[email protected]]
Sent: Friday, July 09, 2010 12:14 PM
To: NT System Admin Issues
Subject: RE: Database Encryption

Two questions,

One, how many databases are you moving to SQL 2008? Maybe there is the ability 
to go with Enterprise Edition R2 for the transparent data encryption you are 
seeking, and just have 1 database cluster accordingly (Active/Passive). You 
don't have to go per-processor for licensing, but CAL management can be a pain 
otherwise. Especially if you have proxy boxes (webservers, other applications, 
etc.) connecting to the database backend, then Per Processor solves a lot of 
your problems.

Other than that, I know that Red Gate SQL Backup and Quest's LiteSpeed can 
produce encrypted backups.

The second question is: why do you need to encrypt the whole database? Why not 
just encrypt the rows with the sensitive data itself? Is this a PCI DSS 
requirement they want you to do? Could not the backups themselves be encrypted 
to meet the requirements?

Just some thoughts on this thread...

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email: [email protected]
Cell: 401-639-3505

From: Cameron Cooper [mailto:[email protected]]
Sent: Friday, July 09, 2010 12:32 PM
To: NT System Admin Issues
Subject: Database Encryption

All,

We are looking to replace our database servers with new hardware and software 
and will be running Windows Server 2008 R2 Enterprise Edition (64-bit), with SQL 
Server 2008 R2 Standard on each machine. Also, each machine connects into an 
MD3000.

What would be the best way to encrypt the entire database?  I know this can be 
done with the enterprise version of SQL Server 2008 R2, but due to the cost per 
processor (for unlimited CALs), we will be going with the Standard edition.







