Question

I’m doing an application architecture that will run on a Public Cloud Service Provider (CSP) and I need to encrypt ‘the data at rest’ (*note it’s not AWS).

I was looking for best practice advice with regard to DB encryption. The application uses a PHP front end and a SQL Server DB (it's a commercial product, so don't go down the PHP/MSSQL app architecture path, I have no say in this ;))

We will be using Microsoft SQL Server 2012 (standard edition) and I was wondering what was the best way to solve this (obviously accounting for performance hits too with added encryption):

1.) Use OOTB DB encryption to encrypt the whole DB (or tables etc.)? I've never used SQL Server encryption, so I'm not overly familiar with it.

2.) Encrypt each row-level record in the DB using strong encryption methods (algorithms) such as AES, RSA, SHA-256, etc. from the Web/Application Tier (encrypt/decrypt here based on user request "CRUD")?

3.) Use a combination of both 1 & 2?

4.) Something else that I’m missing?

Our requirement is to only encrypt Personally Identifiable Information (PII), so only a few table columns need to be encrypted.

Thanks

Cheers


Solution

The quick answer:
Protect the PII by both ensuring integrity (sign, HMAC, etc.) and confidentiality (encrypt). I don't know your architecture in detail, so I'll assume asymmetric isn't buying you anything here (more on that below). Use something like AES-128/256-GCM, or add an HMAC along with something like AES-CBC, etc. Make sure to generate a random IV, all the usuals.

Only protect what needs to be protected (why incur the performance hit to protect data that doesn't matter).

The more:
I'm assuming you think the data in transit is safe (message-level protection and/or TLS/SSL, etc. to get it there) and you truly are focusing on data at rest.

Key Management:
Whether it be a symmetric key or the private key for asymmetric, you need to properly manage it. That super secret key material shouldn't be exposed anywhere but where it truly is needed. Really spend some time following the data and the key material and see if it makes sense. Consider threat modeling.
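As an added illustration of the answer's advice (not code from the question or answer), here is application-tier encryption of a single PII column in PHP with AES-256-GCM: a random nonce per value, the authentication tag stored alongside the ciphertext, and the table/column/row id used as associated data so a blob moved to another row fails to decrypt. The key source (a hypothetical PII_KEY environment variable) and the table and column names are assumptions.

```php
<?php
// Added example: column-level PII encryption at the web tier with AES-256-GCM.
// The 32-byte key is assumed to come from the app's key store via the
// hypothetical PII_KEY environment variable; SQL Server never sees it.
const PII_CIPHER = 'aes-256-gcm';
const PII_NONCE_LEN = 12;
const PII_TAG_LEN = 16;
function pii_key(): string {
    $key = base64_decode(getenv('PII_KEY') ?: '', true);
    if ($key === false || strlen($key) !== 32) {
        throw new RuntimeException('PII_KEY must be 32 base64-encoded bytes');
    }
    return $key;
}

// The AAD ties the blob to its table, column and row, so a ciphertext copied
// from another row or column fails authentication instead of decrypting.
function pii_aad(string $table, string $column, int $rowId): string {
    return "$table.$column#$rowId";
}
// Returns nonce || tag || ciphertext for storage in a VARBINARY(MAX) column.
function pii_encrypt(string $plain, string $table, string $column, int $rowId): string {
    $nonce = random_bytes(PII_NONCE_LEN); // fresh random nonce for every value
    $tag = '';
    $ct = openssl_encrypt($plain, PII_CIPHER, pii_key(), OPENSSL_RAW_DATA, $nonce,
                          $tag, pii_aad($table, $column, $rowId), PII_TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $nonce . $tag . $ct;
}
// Returns the plaintext, or null if the blob was altered, truncated or moved.
function pii_decrypt(string $blob, string $table, string $column, int $rowId): ?string {
    if (strlen($blob) < PII_NONCE_LEN + PII_TAG_LEN) {
        return null;
    }
    $nonce = substr($blob, 0, PII_NONCE_LEN);
    $tag = substr($blob, PII_NONCE_LEN, PII_TAG_LEN);
    $ct = substr($blob, PII_NONCE_LEN + PII_TAG_LEN);
    $plain = openssl_decrypt($ct, PII_CIPHER, pii_key(), OPENSSL_RAW_DATA, $nonce,
                             $tag, pii_aad($table, $column, $rowId));
    return $plain === false ? null : $plain;
}

// Demo with a constructed key: the same blob decrypts only for its own row.
putenv('PII_KEY=' . base64_encode(random_bytes(32)));
$blob = pii_encrypt('jane.doe@example.com', 'Customers', 'Email', 42);
var_dump(pii_decrypt($blob, 'Customers', 'Email', 42) === 'jane.doe@example.com');
var_dump(pii_decrypt($blob, 'Customers', 'Email', 43) === null);
```

Because the ciphertext is randomized, an encrypted column cannot be indexed or searched for equality; keep such columns out of WHERE clauses or add a separate keyed hash column for lookups.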

Licensed under: CC-BY-SA with attribution