I agree, and if you are using high-end SAN-based disk, then
stealing the physical drives that the database files and its backups rest
on won't be an issue, unless they stole the SAN along with it; then you've
got bigger physical security and access control issues to fry, which
doesn't seem like it in your case.

 

So back to my other suggestions along with Ken's: BitLocker can do it, or
the 3rd party encryption utilities.

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:[email protected]

Cell:401-639-3505

 

From: Ken Schaefer [mailto:[email protected]] 
Sent: Friday, July 09, 2010 1:26 PM
To: NT System Admin Issues
Subject: RE: Database Encryption

 

What threat are you actually trying to protect against? The application
will need to access the data in cleartext (since you are not using
in-field encryption of data). So, the only threat that I can see you
mitigating is theft of the server, or theft of the disks in the server.
You could just use Bitlocker to handle that.

 

Cheers

Ken

 

From: Cameron Cooper [mailto:[email protected]] 
Sent: Saturday, 10 July 2010 1:21 AM
To: NT System Admin Issues
Subject: RE: Database Encryption

 

We have two databases that we would be moving to SQL 2008.  We would
need to purchase the per processor license due to clients nationwide
accessing our system (i.e. checking reports).

 

We are a pre-employment background screening company that is trying to
get accredited through the NAPBS, and from what I understand in order to
become accredited we need to have the entire database encrypted.

 

_____________________________

Cameron Cooper

Network Administrator | CompTIA A+ Certified

Aurico Reports, Inc

Phone: 847-890-4021 | Fax: 847-255-1896

[email protected] | www.aurico.com

 

From: Ziots, Edward [mailto:[email protected]] 
Sent: Friday, July 09, 2010 12:14 PM
To: NT System Admin Issues
Subject: RE: Database Encryption

 

Two questions:

 

One, how many databases are you moving to SQL 2008? Maybe there is the
ability to go with Enterprise Edition R2 for the transparent data
encryption you are seeking, and just have 1 database cluster accordingly
(Active/Passive).  You don't have to go per-processor for licensing,
but CAL management can be a pain otherwise. Especially if you have proxy
boxes (webservers, other applications, etc.) connecting to the
database backend, then Per Processor solves a lot of your problems.

 

Other than that, I know that Red Gate SQL Backup and Quest's LiteSpeed
can produce encrypted backups.

 

The second question is, why do you need to encrypt the whole database?
Why not just encrypt the rows with the sensitive data itself? Is this a
PCI DSS requirement they want you to do? Could not the backups
themselves be encrypted to meet the requirements?

 

Just some thoughts on this thread...

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:[email protected]

Cell:401-639-3505

 

From: Cameron Cooper [mailto:[email protected]] 
Sent: Friday, July 09, 2010 12:32 PM
To: NT System Admin Issues
Subject: Database Encryption

 

All,

 

We are looking to replace our database servers with new hardware and
software and will be running Windows Server 2008 R2 Enterprise Edition
(64-bit), with SQL Server 2008 R2 Standard on each machine.  Also, each
machine connects into an MD3000.

 

What would be the best way to encrypt the entire database?  I know this
can be done with the enterprise version of SQL Server 2008 R2, but due
to the cost per processor (for unlimited CALs), we will be going with
the Standard edition.

 

 

 

 

 

 
