Gavin Payne Transparent Data Encryption The Hows, Whys and Whens.

1 Gavin Payne Transparent Data Encryption The Hows, Whys and Whens

2 Introduction (60 minutes)
- Introduction to Encryption
- SQL Server Encryption Concepts
- Transparent Data Encryption
- Demo
- Considerations

3 About Me
- Gavin Payne
- Solution Architect 3.5 years SQL Server DBA 10 years
- SQL Bits 7
- SQL Server User Group
- SQL Social
- Blog: http://blog.gavinpayneuk.com
- Twitter: @GavinPayneUK

4 Why Encrypt?
- We all have information we want to hide from others
  - To save embarrassment
  - To keep trade secrets secret
  - To comply with regulatory requirements (e.g. PCI-DSS)
  - To comply with legal requirements (e.g. DPA)
- However:
  - Some people might actively try and steal data
  - Some people might accidentally find it

5 Simple Encryption Concepts
- Plaintext
- Cipher
- Key
- Ciphertext

6 Common Encryption Terms
- Symmetric encryption
  - Where the same key is used to encrypt AND decrypt
  - Very fast but requires secure transport of the key
- Asymmetric encryption
  - Public key encryption
  - Different keys are used to encrypt and decrypt
  - Either key on its own is useless

7 Common Encryption Concepts
- Key
  - Must assume the cipher is known and available
  - Key makes the execution of the cipher unique
- Certificate
  - Confirms the owner of a public key
  - Using a verifiable 3rd party digital signature

8 Why Is Database Encryption Needed?

9 Database Encryption Methods

10 SQL Server Encryption
- SQL Server has a large internal encryption hierarchy
- Very flexible and self-sufficient
- All manageable via T-SQL
- Can hook into external encryption hardware
- Make sure you understand how to back up and restore!

11 What is TDE?
- Common term also used by Oracle
- Transparent Data Encryption is new in SQL Server 2008
- Enterprise Edition only feature
- Designed to protect data against unauthorised access at rest (MDFs, LDFs and backups)
- You can steal my disks but not my data

12 What is TDE?
- Turnkey database storage encryption tool
- Transparent to applications and code
- Operates at the IO level within SQL Server
- A slight performance overhead (approx 6%)
- As devs strive to reduce database IO, the effect of encryption is also reduced

13 When to use TDE
- Enterprise Edition feature suggests enterprise need
  - Primarily financial services and healthcare
  - But theft of any data is grabbing more headlines
- Delivers complete database storage encryption
  - With a comprehensive management framework

14 TDE Components
- System/Service Master Key
- Database Master Key
- Server Certificate
- Database Encryption Key

15 Demo

16 Demo Summary
- Backup SMK
- Create a new user database
- Create DMK, cert, DEK
- Encrypt
- DMVs
- Backup and then restore elsewhere
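
The demo steps above, written out as T-SQL. This is an added example, not the script used in the talk; the database name, certificate name, file paths and password placeholders are assumptions, and it assumes neither instance already has a master key in master.

```sql
-- Added example: TdeDemo, TdeDemoCert, C:\Keys, C:\Backups and the <...> passwords are placeholders.
-- ===== Source instance =====
USE master;
-- 1. Back up the Service Master Key, the root of the instance's key hierarchy.
BACKUP SERVICE MASTER KEY TO FILE = 'C:\Keys\smk.bak'
    ENCRYPTION BY PASSWORD = '<SmkBackupPassword>';
-- 2. Create a new user database.
CREATE DATABASE TdeDemo;
-- 3. The DMK and server certificate live in master; the DEK lives in the user database.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<DmkPassword>';
CREATE CERTIFICATE TdeDemoCert WITH SUBJECT = 'TDE demo certificate';
-- Back up the certificate with its private key straight away and store it away
-- from the database backups: a TDE backup cannot be restored without it.
BACKUP CERTIFICATE TdeDemoCert TO FILE = 'C:\Keys\TdeDemoCert.cer'
    WITH PRIVATE KEY (FILE = 'C:\Keys\TdeDemoCert.pvk',
                      ENCRYPTION BY PASSWORD = '<CertBackupPassword>');
GO
USE TdeDemo;
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeDemoCert;
GO
-- 4. Encrypt: starts a background scan that encrypts the existing pages.
ALTER DATABASE TdeDemo SET ENCRYPTION ON;
GO
-- 5. DMVs: encryption_state 2 = encryption in progress, 3 = encrypted.
--    tempdb shows up here as well once any database on the instance uses TDE.
SELECT DB_NAME(database_id) AS database_name, encryption_state,
       percent_complete, key_algorithm, key_length
FROM sys.dm_database_encryption_keys;
-- 6. Back up; the backup file is encrypted with the same DEK.
BACKUP DATABASE TdeDemo TO DISK = 'C:\Backups\TdeDemo.bak';
GO
-- ===== Target instance (restore elsewhere) =====
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<TargetDmkPassword>';
-- Recreate the certificate from the backed-up files before restoring;
-- without it RESTORE fails because the DEK cannot be decrypted.
CREATE CERTIFICATE TdeDemoCert FROM FILE = 'C:\Keys\TdeDemoCert.cer'
    WITH PRIVATE KEY (FILE = 'C:\Keys\TdeDemoCert.pvk',
                      DECRYPTION BY PASSWORD = '<CertBackupPassword>');
-- Add WITH MOVE if the target's data and log paths differ from the source.
RESTORE DATABASE TdeDemo FROM DISK = 'C:\Backups\TdeDemo.bak';
```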

17 Things to be aware of
- Key and certificate management is crucial
- Backup compression benefits lost entirely
- Backup portability severely hampered
- IO overhead quoted at about 6%
- Tempdb gets encrypted for everyone

18 Summary
- Encryption is based upon ciphers and keys
- Nothing new in the database world
  - Although such a turnkey and complete option is
- Key management within SQL Server is crucial
- Backups and tempdb get encrypted as well as data

