SQL databases – the traditional technology for managing structured data – are often the largest repository of sensitive data within an organisation. Data of fixed length or format such as credit card or social security numbers live in columns beside e-mail addresses and other useful personal data all held in the same file.
But storing all of this data in one place makes it an attractive target for anyone looking to steal and monetise this sensitive data.
SQL Server database encryption is critical if your goal is to secure sensitive data and intellectual property, comply with privacy or regulatory mandates, or simply protect the organisation’s brand against reputational damage. The CipherTrust Data Security Platform enables you to encrypt and secure sensitive assets in your NoSQL databases, while avoiding the challenges traditionally associated with this form of encryption.
Performance Impacts with SQL Server TDE
Microsoft SQL Server offers Transparent Data Encryption (TDE) functionality for all encryption operations within the database. Performing these operations inside the database significantly impacts its performance and consumes SQL Server resources.
Administrative Complexity across multiple Data Stores
Administrators face the complex and costly task of managing disparate encryption keys for many different databases accumulated over time from separate vendors. They have to factor in the cost of the administrative resources required to manage multiple incompatible encryption solutions across Oracle and Microsoft SQL Server TDE.
Operational Inefficiencies of Key Management
Managing encryption keys separately for each data repository, relying on manual systems to store and transmit encryption keys, and lacking password control and centralised ways to revoke keys when employees leave all create operational inefficiencies and result in data breaches.
CipherTrust Transparent Encryption
CipherTrust Transparent Encryption delivers data-at-rest encryption, privileged user access controls and detailed data access audit logging, with no changes to applications and minimal performance implications. It protects data in Microsoft SQL databases on Windows, AIX and Linux operating systems across physical and virtual servers, in cloud and big data environments.
CipherTrust Application Data Protection
For organisations that need to apply more granular database protection at the column or field level, CipherTrust Application Data Protection provides developer-friendly APIs to perform encryption and key management operations.
CipherTrust Manager
For enterprises that have chosen to use database TDE in Microsoft SQL Server environments, Thales offers centralised key management with CipherTrust Manager. It centrally manages keys for Microsoft SQL and Oracle TDE environments, in addition to managing keys for Key Management Interoperability Protocol (KMIP) clients. It simplifies centralised management of key lifecycle, access policies and auditing changes.
Encryption for all Enterprise Databases
While SQL Server TDE can manage keys and protect data in Microsoft SQL Server databases, CipherTrust TDE Key Management can manage keys and provide database encryption across multiple databases – Oracle, IBM DB2, MySQL, NoSQL and Sybase. Thales’ CipherTrust Encryption solutions can secure databases on Windows, Linux and AIX operating systems, and offer coverage for physical, virtual and cloud-based environments.
Operational Efficiency
CipherTrust Manager offers a single unified console to centrally manage cryptographic keys and policies across multiple database environments, minimising administrative overheads. With broad coverage of database solutions, the CipherTrust platform enables customers to reduce cost and avoid the complexity of managing multiple database encryption silos.
Robust, Scalable Performance
Compared to Microsoft SQL Server TDE, the CipherTrust platform offers multiple products: CipherTrust Manager to manage TDE keys across databases from multiple vendors, and CipherTrust Transparent Encryption to encrypt data at the file-system or volume level without modifying applications. The CipherTrust platform uses hardware-level encryption technology built into Intel AES-NI chips that offer significant performance improvements for file encryption/decryption operations.