This article can also be found in the Premium Editorial Download "Information Security magazine: 12 security lessons for CISOs they don't teach you in security school."
Most database encryption solutions encrypt the entire database and provide access to all database user permissions. But this approach is too slow for the robust performance needed for production databases. DataSecure encrypts the data itself, not the entire database, and allows granular access to specific rows, columns and elements based on users, groups and roles.
DataSecure is middleware that sits between the data store and the Web or application server, encrypting data in transit and decrypting it for authenticated users. The Network-Attached Encryption (NAE) Connector software acts as a host-based interface to the NAE server, which resides on the appliance.
The i211 has the muscle for heavy encryption processing and can handle more than 2,000 cryptographic operations per second with its 2 GB of memory, multiple network cards and ASICs.
The robust key management system relies on user accounts created within the database and DataSecure platforms. Security managers can create new groups and users and apply access rules via intuitive graphical wizards. The recovery of keys is limited, as this is inherently a security issue (i.e., if you lose your password, you don't want others using another password to access your data). Account creation takes less than a minute, allowing enterprises to deploy this as part of a global solution. User keys can be created from a selection of cryptography algorithms and key strengths, including AES, RC4, RSA (up to RSA-2048) and TripleDES. Keys are securely stored on the hardened Linux appliance for admins only.
The HTML Frames interface for the DataSecure Platform is on par with other database security appliances: simple graphics and minimal data views. The incorporated help documentation is excellent.
Considering the evolution of embedded database security features and the .NET security framework, the technological lifespan of these Ingrian platforms is unclear. However, for now, it's an excellent choice where database encryption is mandatory.
--James C. Foster
This was first published in February 2005