Townsend Security Data Privacy Blog

SQL Server Encryption: Three “Key” Things to Remember…

Posted by Michelle Larson on May 10, 2013 3:42:00 PM

With the emergence of data security standards, encryption and key management have become a necessity for most companies storing or transferring sensitive data such as credit card numbers, patient data, social security numbers, and other personally identifiable information (PII). 

SQL Server Encryption Key Management Resources

Transparent Data Encryption (TDE) on Microsoft SQL Server 2008, 2008 R2, and 2012 allows automatic encryption on these editions of SQL Server without application changes. With newly available SQL Server encryption capabilities, encryption key management (a critical step in securing your data) is done easily on SQL Server with extensible key management (EKM). EKM allows customers to choose a third-party encryption key management hardware security module (HSM) and integrate that HSM easily with their SQL Server databases.

Without an encryption key management HSM, SQL Server users are essentially leaving the keys to their data underneath their welcome mat!
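As an added illustration (not code from the original post or from Townsend Security's Key Connection product), the T-SQL below shows what the EKM integration described above looks like on the server, using the generic EKM statements SQL Server exposes: the TDE database encryption key is wrapped by an asymmetric key that lives in the external key manager rather than by a certificate stored in the master database, and the final query confirms which kind of encryptor is in use. The provider DLL path, credential identities and secrets, the admin login, the key name and the database SampleDB are placeholders.

```sql
-- Added example (not from the original post): wrapping a TDE database
-- encryption key with an asymmetric key held in an EKM/HSM on SQL Server.
-- Placeholders: DLL path, credential values, admin login, key name, SampleDB.
-- 1. EKM provider support is off by default; enable it.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'EKM provider enabled', 1;
RECONFIGURE;
GO
-- 2. Register the vendor's EKM provider library with the instance.
USE master;
CREATE CRYPTOGRAPHIC PROVIDER HsmProvider
FROM FILE = 'C:\placeholder\EkmProvider.dll';
GO
-- 3. Credential for the admin doing the setup. The secret is an HSM logon,
--    not the key itself; a credential maps to exactly one login.
CREATE CREDENTIAL HsmAdminCred
WITH IDENTITY = 'hsm_admin', SECRET = 'placeholder-secret'
FOR CRYPTOGRAPHIC PROVIDER HsmProvider;
ALTER LOGIN [DOMAIN\sqladmin] ADD CREDENTIAL HsmAdminCred;
GO
-- 4. Reference the key-encryption key that already exists on the key manager,
--    so its private material never leaves the HSM.
CREATE ASYMMETRIC KEY TdeMasterKey
FROM PROVIDER HsmProvider
WITH PROVIDER_KEY_NAME = 'TDE_Master_Key',
     CREATION_DISPOSITION = OPEN_EXISTING;
GO
-- 5. TDE needs its own login (and credential) mapped to that key so the
--    engine can reach the HSM when it opens the database at startup.
CREATE CREDENTIAL HsmTdeCred
WITH IDENTITY = 'hsm_tde_user', SECRET = 'placeholder-secret'
FOR CRYPTOGRAPHIC PROVIDER HsmProvider;
CREATE LOGIN TdeKeyLogin FROM ASYMMETRIC KEY TdeMasterKey;
ALTER LOGIN TdeKeyLogin ADD CREDENTIAL HsmTdeCred;
GO
-- 6. Create the database encryption key wrapped by the HSM key; enable TDE.
USE SampleDB;
CREATE DATABASE ENCRYPTION KEY
WITH ALGORITHM = AES_256
ENCRYPTION BY SERVER ASYMMETRIC KEY TdeMasterKey;
ALTER DATABASE SampleDB SET ENCRYPTION ON;
GO
-- 7. Verify: encryptor_type 'ASYMMETRIC KEY' means the wrapping key is external;
--    'CERTIFICATE' would mean it sits in master next to the data. State 3 = encrypted.
SELECT DB_NAME(database_id) AS db, encryption_state, encryptor_type
FROM sys.dm_database_encryption_keys;
```

Run the last query on an instance that already uses TDE with a certificate to see the difference: the database is encrypted either way, but only the asymmetric-key case keeps the wrapping key off the database server.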

Three things to remember for following security best practices:

#3 - SQL Server Encryption isn’t as imposing as it sounds…

  • Compliance regulations drive the need for encryption and require that you protect the encryption keys apart from the encrypted data storage.  
  • An encryption algorithm is simply a mathematical formula that protects data. The critical element is the way the “Key” to that formula (the encryption key) is managed. 
  • HSMs like Alliance Key Manager create, manage, and protect encryption keys through the entire lifecycle and deliver them securely when they are needed.
  • Alliance Key Manager is a quick, efficient, and compliant solution that is easy to implement with our “Key Connection for SQL Server” EKM provider software. Based on FIPS (Federal Information Processing Standard) 140-2 certified technology, it is straightforward to deploy and configure, with “out of the box” integration with SQL Server.
  • Townsend Security is a Microsoft Silver partner, and Alliance Key Manager works with all versions of Microsoft SQL Server, including SQL Server 2005. Additionally, Alliance Key Manager allows you to protect sensitive data stored in Microsoft SharePoint and Microsoft Azure.

#2 - You are required to protect data by government and industry created regulations…

  • PCI-DSS (Payment Card Industry – Data Security Standard) for merchants
  • HIPAA/HITECH (Health Insurance Portability and Accountability Act / Health Information Technology for Economic and Clinical Health) for medical providers
  • GLBA/FFIEC (Gramm-Leach-Bliley Act / Federal Financial Institutions Examination Council) for the financial industry
  • FISMA (Federal Information Security Management Act) for US Government agencies

#1 - Customers expect their data to be protected!

  • PCI-DSS is required for anyone who takes credit cards.
  • While expectations for data protection in the medical and financial industries are widespread and easily understood, compliance regulations affect businesses and organizations of all sizes.
  • Beyond the expectations for privacy, and the laws that require it, the consequences of a data breach or data loss can be substantial. 
  • Small to mid-sized companies can be an easy target for data thieves, resulting in costly losses to their business and reputation.


We have resources to share with you about SQL Server Encryption and how to best secure your data. Please click the button below to access these informative downloads!

Download Resources

As always, we welcome your comments and questions!

Topics: Separation of Duties, Best Practices, Encryption Key Management, SQL Server