Published: 09 Feb 2005
Ingrian i211 DataSecure Platform
Price: Starts at $32,500
Ingrian's i211 DataSecure Platform offers flexible, granular database encryption and key management.
Firewalls and other perimeter security applications are the walls around the enterprise castle, protecting the information stored on databases--the crown jewels. However, for enterprises that need stronger data protection, there's Ingrian's i211 DataSecure Platform, a robust encryption/access control engine that blunts the fangs of application-layer attacks.
Databases have myriad security controls to protect data, most involving different forms of access control and all-or-nothing database encryption. Application-layer firewalls can detect and stop many attacks against the database software. Ingrian Networks' i211 series appliances, however, fill a special niche for enterprises that require ironclad protection for most critical databases by encrypting data with up to 2,048-bit key length algorithms.
- Encrypts at the data element level
- Powerdul ASIC-based appliance
- Robust, easy key management
- Mediocre interface
Most database encryption solutions encrypt the entire database and provide access to all database user permissions. But, this approach is too slow for the robust performance needed for production databases. DataSecure encrypts the data itself, not the entire database, and allows granular access to specific rows, columns and elements based on users, groups and roles.
DataSecure is middleware that sits between the data store and the Web or application server, encrypting data in transit and decrypting it for authenticated users. The Network-Attached Encryption (NAE) Connector software acts as a host-based interface to the NAE server, residing on the appliance.
i211 has the muscle for heavy encryption processing and can handle more than 2,000 cryptographic operations per second with its 2 GB of memory, multiple network cards and ASICs.
The robust key management system relies on user accounts created within the database and DataSecure platforms. Security managers can create new groups and users, and apply access rules via intuitive graphical wizards. The recovery of keys is limited, as this is inherently a security issue (i.e., if you lose your password, you don't want others using another password to access your data). Account creation takes less than a minute, allowing enterprises to deploy this as part of a global solution. User keys can be created from a selection of cryptography algorithms and key strengths, including AES, RC4, RSA (up to RSA-2048) and TripleDES. Keys are securely stored on the hardened Linux appliance for admins only.
The HTML Frames interface for the DataSecure Platform is on par with other database security appliances: simple graphics and minimal data views. The incorporated help documentation is excellent.
Considering the evolution of embedded database security features and the .NET security framework, the technological lifespan of these Ingrian platforms is unclear. However, for now, it's an excellent choice where database encryption is mandatory.
--James C. Foster