Cryptography in the Database: The Last Line of Defense

November 2, 2005

Cryptography in the Database: The Last Line of Defense
By Kevin Kenan.
Paperback: 312 pages
Publisher: Addison-Wesley Professional (October 19, 2005)
ISBN: 0321320735

I just saw this new book on Addison-Wesley’s site and it caught my interest. Encryption in the database is really becoming a necessity as the last line of defense. With all the high-profile cases of companies losing backup tapes with sensitive data that is not encrypted, encryption inside the database is becoming a hot topic. In the example of tapes, you can use encryption as part of the backup process, in which case you don’t need encryption in the database, but the most secure way of storing information would be to encrypt it and only allow specific users or roles access to sensitive information.

Privacy and how companies store and protect sensitive information is going to be a huge issue in the coming years. With the California law (California Information Practice Act or Senate Bill 1386) that requires companies to disclose any breach of the security of their systems, lack of data security becomes a liability. The new law in California (AB 1950) expands the California Information Practice Act by requiring companies not only to report any data loss but to follow best practices to ‘protect’ customer data.

The traditional model of perimeter security, where you just put up a few firewalls to keep people out, is just not working. Computer crime is getting a lot more sophisticated and national legislation will soon catch up with California. Jon Corzine, the Democratic Senator from New Jersey and former chief of Goldman Sachs, is proposing new legislation that would require the management of companies to personally attest to the safeguards in place to protect sensitive data and comply with federal guidelines for data security, integrity and monitoring. If and when that legislation becomes reality, companies are going to get serious about data security, as management will be held liable. I’m curious to see how the industry comes forward with solutions to this problem. I know SQL Server and Oracle offer some sort of encryption capabilities at the database column/table level, but I have no idea what that does to performance, indexes, query optimizations, etc.

If you are using database encryption successfully, drop me a line or comment. I’d love to hear what you are doing. I am also curious to see where the open-source databases are going to stack up when features like encryption in the database become a necessity and not just a nice-to-have feature.



One Response to “Cryptography in the Database: The Last Line of Defense”

  1. Lee Bolding said

    Sounds similar to Translucent Databases, by Peter Wayner, which is an excellent book and provides code samples.

    I’ll definitely have to check this out, although I think that a lot of it will be a rehash of the stuff Peter already describes in his book.
