Database Encryption
Below is a description of the different types of encryption that can be applied to protect the database. With SQL Server 2008 or above, the best approach to encrypting the data is to use full database level encryption. One of the major benefits of using full database encryption is that applications do not have to rely on built-in functions to encrypt/decrypt the data, which prevents query slowness.
| Encryption type | Description | Advantages | Disadvantages |
|---|---|---|---|
| Windows BitLocker | This service is available on Windows Server 2008 and up. This type of encryption protects the data at the volume level. | Minimum impact on disk read/write; Volume level encryption protects system data | Backups and logs are not encrypted; Logs are not encrypted |
| File Level Encryption | This service is available on the Windows Server platform. This type of encryption protects the database files. It specifically uses NTFS. | Easier to implement since it leverages the NTFS platform; Leverages the Windows key management store | Backups and logs are not encrypted; Logs are not encrypted; Needs OS level administrative access on the server; Async I/O can experience slowness |
| Cell Level Encryption | This is the legacy encryption method from SQL Server 2005. This type of encryption protects the database at the field level. SharePoint databases cannot benefit from this type of encryption due to schema restrictions. | N/A | Cannot be used with SharePoint |
| Full Database Level Encryption | This is a new service called TDE (Transparent Data Encryption) that was introduced in SQL Server 2008. All the data is encrypted in the database mdf and ldf files. The only time the data is decrypted is when the information is read and displayed at the application level. | Full database backup; Backups are encrypted; Transaction logs are encrypted; TempDB is encrypted | Encryption puts extra load on the system; Application independent. The application is not affected by encryption; Data in transit is not encrypted. SSL can be leveraged to protect data in transit |
Application Level Protection
- Double hop authentication using delegation.
- Tickets are renewed after a certain time, which reduces round trips to the domain controller and improves performance.
- Authentication at the server level.
In order to implement application level protection, SharePoint has to be configured at a domain level with Active Directory authentication.
Hemant Datta is the COO for JHC Technology. He can be reached at hdatta(at)jhctechnology.com, @hdatta, or connect with him on LinkedIn.