
Transparent Data Encryption Key Management

Key Management for Microsoft SQL Server and Oracle Databases

Transparent Database Encryption (TDE) Key Management

Microsoft SQL Server and Oracle Database provide native transparent database encryption (TDE) that protects the data stored in their customers’ enterprise and cloud-hosted databases. However, they store these TDE keys alongside the database tables that are being encrypted.

Isolating encryption keys from the assets they protect and storing them securely is not only a best practice for key management, but a common industry data protection mandate. Key management challenges multiply as organizations use multiple databases for different purposes, each requiring dedicated key management to ensure that keys are securely stored, backed up and available when needed.

Thales enterprise key management solutions centralize key management for your enterprise and cloud-hosted Microsoft SQL Server and Oracle Database deployments, giving your organization greater command over the keys while increasing data security. CipherTrust Manager, the core of the CipherTrust Data Security Platform, enables centralized management of Microsoft SQL Server and Oracle TDE keys as well as the keys used across the rest of the Thales data protection portfolio.


Cybercriminals Target Databases

Many enterprises that take advantage of Big Data, such as Amazon, Google, Facebook, eBay, Netflix and Twitter, employ Microsoft SQL Server and Oracle databases. And, as you might expect, cybercriminals are targeting these databases to steal the sensitive data stored in them.

Administrative Complexity across Multiple Databases

Administrators face the complex and costly task of managing disparate encryption keys for many different databases accumulated over time from separate vendors. And since each instance of Oracle and SQL Server requires its own encryption key, each with a separately supported key manager, the result is more complexity and an increased risk of keys being lost or stolen.

Operational Inefficiencies of Key Management

Managing encryption keys separately for each data repository, relying on manual systems to store and transmit keys, and lacking password control and centralized ways to revoke keys when employees leave all create operational inefficiencies and result in data breaches.

CipherTrust Manager

CipherTrust Manager is a high-availability appliance that centralizes encryption key management for Oracle Database and Microsoft SQL Server TDE as well as a variety of additional Thales and third-party encryption solutions. CipherTrust Manager supports key life-cycle tasks including generation, rotation, destruction, import and export, and also manages certificates and secrets.

Oracle Database Transparent Data Encryption

CipherTrust Enterprise Key Management solutions complement Oracle Database native TDE by centrally storing and managing Oracle Database encryption keys. In the Oracle Advanced Security TDE two-tier key architecture, Oracle Database uses master encryption keys (MEKs) to encrypt the database encryption keys (DEKs), which in turn encrypt columns and tablespaces within the database. Thales key management solutions interface with the Oracle Wallet to protect and manage these MEKs within a secure FIPS-certified boundary.

Microsoft SQL Server Transparent Data Encryption

CipherTrust Enterprise Key Management solutions complement Microsoft native TDE by providing secure storage and management of the keys used in Microsoft’s database encryption scheme. Microsoft TDE encrypts the sensitive data in the SQL database using a database encryption key (DEK), and Thales interfaces with Microsoft Extensible Key Management (EKM) to store and manage the DEKs in the FIPS 140-2 compliant CipherTrust Manager.
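To make the two-tier key architecture described above for Oracle TDE and SQL Server EKM concrete, here is an added Python simulation (not Thales, Oracle or Microsoft code): a hypothetical KeyManager holds the master keys and only wraps or unwraps DEKs, the Database stores nothing but the DEK wrapped under the current master key beside its encrypted rows, and rotating the master key rewraps the DEK without rewriting any stored data. The HMAC-based counter-mode cipher is a stand-in for AES so the example runs on the standard library alone.

```python
import hmac, hashlib, secrets

def prf_ctr(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Counter-mode stream cipher with HMAC-SHA256 as the PRF: a stand-in for AES.
    # No integrity tag; it illustrates the key hierarchy, not a production cipher.
    out = bytearray()
    for blk, i in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + blk.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    return nonce + prf_ctr(key, nonce, plaintext)

def unseal(key: bytes, blob: bytes) -> bytes:
    return prf_ctr(key, blob[:16], blob[16:])

class KeyManager:
    # Hypothetical external key manager (the role an external key manager plays
    # on this page): MEKs never leave it; it only wraps and unwraps DEKs.
    def __init__(self):
        self._meks = {1: secrets.token_bytes(32)}
        self.current = 1
    def wrap(self, dek: bytes):
        return self.current, seal(self._meks[self.current], dek)
    def unwrap(self, version: int, wrapped: bytes) -> bytes:
        return unseal(self._meks[version], wrapped)
    def rotate(self) -> int:
        self.current += 1
        self._meks[self.current] = secrets.token_bytes(32)
        return self.current

class Database:
    # Stores only the wrapped DEK beside the encrypted rows, never the MEK.
    def __init__(self, km: KeyManager):
        self.km, self.rows = km, []
        self.mek_version, self.wrapped_dek = km.wrap(secrets.token_bytes(32))
    def _dek(self) -> bytes:
        return self.km.unwrap(self.mek_version, self.wrapped_dek)
    def insert(self, row: bytes) -> None:
        self.rows.append(seal(self._dek(), row))
    def read_all(self) -> list:
        return [unseal(self._dek(), r) for r in self.rows]
    def rekey_master(self) -> None:
        # MEK rotation rewraps the DEK; the ciphertext rows are not rewritten.
        dek = self._dek()
        self.km.rotate()
        self.mek_version, self.wrapped_dek = self.km.wrap(dek)
```

Because the rows stay byte-for-byte identical across `rekey_master()`, master-key rotation is cheap, while a DEK rotation would require re-encrypting the data itself.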

By enabling organizations to manage keys centrally and independently of their database applications, Thales enterprise key management solutions help you streamline operations, fulfill compliance mandates and better protect your sensitive data. And as your needs expand, Thales solutions can grow with you.

Encryption for all Enterprise Databases

While CipherTrust Manager can manage keys and protect data in Microsoft SQL Server and Oracle databases, the database encryption solutions offered by the CipherTrust Data Security Platform can manage keys and provide database encryption across multiple databases – Oracle, IBM DB2, MySQL, NoSQL and Sybase. Thales data protection solutions can secure databases on Windows, Linux and AIX operating systems, and offer coverage for physical, virtual and cloud-based environments.

Operational Efficiency

CipherTrust Manager offers a single unified console to centrally manage cryptographic keys and policies across multiple database environments, minimizing administrative overhead. With broad coverage of database solutions, the CipherTrust platform enables customers to reduce cost and avoid the complexity of managing multiple database encryption silos.

Scalable and Flexible

The CipherTrust platform offers multiple products – CipherTrust Manager to manage TDE keys across databases from multiple vendors, and CipherTrust Transparent Encryption to encrypt data at the file-system or volume level without modifying applications. The CipherTrust platform uses the hardware-level encryption technology built into Intel AES-NI chips, which offers significant performance improvements for file encryption/decryption operations.
