SharePoint Support of Encryption
Ok – Well I went to a session that said “Q&A with SharePoint Architects – A Panel Discussion”.
So, I tried my question again (hoping for better results than my last attempt in the community lounge).
Question:
- I work in the financial services industry, and more and more of our customers are requiring that all of our data (primarily at rest) be encrypted. We have a large investment in SharePoint. What options do we have in order to meet our customers’ security needs?
Answer:
- Use SQL Server 2008 (when RTM’d), because its Transparent Data Encryption (TDE) will encrypt the database at the disk level. This should address the “data at rest” part of the issue.
- In order to address the transaction level security, use SSL between SharePoint & SQL Server.
So, initial impression is that this may meet the needs for our customers, but will need to vet this out further with Speas. Still need to work on how to prevent people from taking the data out of SharePoint with them when data is not in a format covered by IRM.
FOLLOWUP: So, What Exactly is Transparent Data Encryption in SQL Server 2008?
Here’s the official verbiage from Microsoft:
“Transparent data encryption (TDE) performs real-time I/O encryption and decryption of the data and log files. The encryption uses a database encryption key (DEK), which is stored in the database boot record for availability during recovery. The DEK is a symmetric key secured by using a certificate stored in the master database of the server or an asymmetric key protected by an EKM module. TDE protects data “at rest”, meaning the data and log files. It provides the ability to comply with many laws, regulations, and guidelines established in various industries. This enables software developers to encrypt data by using AES and 3DES encryption algorithms without changing existing applications.”
4 Comments »

That’s really good news and in my opinion will support our needs for encryption of data at rest on SharePoint. Encryption is becoming a de facto need for data storage so I’m really glad to see them developing a solution within SharePoint.
Thanks for the update and the posts. Keep it up! Also, now when are we upgrading to SQL 2008???
SQL 2008 doesn’t get RTM’d until later this year. It’s currently at Release Candidate 0, so it’s supposedly very stable … might try to get it up and running on a test box with SharePoint to see how it works.
Hmmm !! I wish MS planned these things much better. Lots of people (like us) would have put a lot of effort in getting their data stored in the databases secure. This sounds like more simplified and less programming (SPs, Triggers and so on) changes.
Of course, one would like to wait and see what’s new this release is going to bring from architectural point of view. But, with 2-3 years of time frame between these two releases it appears like a significant enhancement and it will be interesting to see what it means to the clients who implemented encryption with SQL 2005.
Maybe catch up with you on Encryption with SharePoint concerns today, when you are here.
Hi,
Interesting news you have here. However, although TDE will protect the data ‘at rest’, how is it going to prevent the server administrators or SharePoint administrators from accessing sensitive information, i.e., how do you guard the guardians?