Discover Server Security News
How To Use Encryption On Database Contents
Database-encryption technology isn't new. Ingrian Networks' DataSecure Platform, which lets you encrypt certain fields before you enter them in the database and automatically decrypts them on the way out, has been around for a couple of years. But until recently, database encryption wasn't right for most enterprises. With the Health Insurance Portability and Accountability Act (HIPAA) now a reality, though, the stakes are higher than ever when it comes to compromised customer and employee data, and many organizations are taking a second look at encrypting their databases.
But you can't encrypt everything in your database. Indexed fields, for example, can't be encrypted because your database-management software will sort the encrypted strings in hexadecimal values, which won't match the real, unencrypted form. So your index, which is supposed to speed access to the data by preordering it, won't work. Even if you could relate the encrypted index field to the original data, the collation order wouldn't match. Until databases support encryption natively, encrypted indices will be a problem.
Remember that any indices generated from encrypted fields won't be valid, either. And because these fields don't relate to the actual data, it'll be harder for the database administrator and developer to debug problems. As a matter of fact, unless you have a mechanism to decrypt your database data on the fly, any query that uses encrypted fields to search or order data will cause trouble.
The link for this article located at SecurityPipeline.com is no longer available.