Managing Encryption Keys via External Provider

Another new feature in SQL Server 2008 that offers greater key security is Extensible Key Management (EKM). EKM lets you manage your encryption keys through an external provider, which gives you flexibility and choice in encryption providers as well as common key management across your enterprise.

With the growing demand for regulatory compliance and concern for data privacy, organizations are adopting encryption as part of a "defense in depth" strategy. As organizations rely more heavily on encryption, key management becomes more complex. Some high-security databases use thousands of keys, and you need a system to store, retire, and regenerate them; doing this with only the database's own encryption management tools is often impractical. As a solution, various vendors provide products that store encryption keys in hardware or software modules. These products also give a more secure key management solution because the keys do not reside alongside the data they encrypt, and they move the key management workload from SQL Server to a dedicated key management system.

Extensible Key Management in SQL Server 2008 also supports the use of a Hardware Security Module (HSM), so the encryption keys that protect your data can be stored on an off-box device such as a smartcard, USB device, or EKM/HSM module, giving a physical separation of keys from data. SQL Server 2008 EKM lets third-party EKM/HSM vendors register their modules with SQL Server as cryptographic providers. Once a provider is registered, SQL Server users can use the encryption keys stored on the module, and SQL Server can take advantage of the advanced features these modules support, such as bulk encryption and decryption and key management functions such as key aging and key rotation. EKM also offers protection of data from database administrators: data can be encrypted with keys that reside only on the external EKM/HSM module and that only the intended database user can use, because the credential that authenticates to the module is mapped to that user's login. That separation holds only as long as the module's secret is kept from the administrator; anyone who knows it can map an equivalent credential to their own login.
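The following T-SQL walks through the flow described above: enabling EKM, registering a provider, binding the provider credential to one login, creating a key that lives on the HSM, and using it to protect a column. It is an added example, not code from the original text or from any vendor's documentation; the provider DLL path, the provider, credential, key, login and table names, and the identity/secret values are placeholders for this illustration.

```sql
-- Added example (not from the original page). Placeholders: the DLL path,
-- EkmProvider, EkmCredential, EkmRsaKey, OrdersDataKey, AppServiceLogin and
-- the IDENTITY/SECRET values are assumptions for this illustration.

-- 1. EKM is off by default; it is an advanced server option and is only
--    available on editions that support it.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'EKM provider enabled', 1;
RECONFIGURE;
GO

-- 2. Register the vendor's EKM provider DLL with the instance.
CREATE CRYPTOGRAPHIC PROVIDER EkmProvider
    FROM FILE = 'C:\EKM\VendorEkmProvider.dll';
GO

-- 3. A credential holds the identity/secret SQL Server presents to the HSM.
--    Binding it to a single login is what keeps the key out of a DBA's reach:
--    only sessions running as that login can ask the HSM to use the key.
CREATE CREDENTIAL EkmCredential
    WITH IDENTITY = 'hsm_partition_user', SECRET = 'hsm-partition-pin'
    FOR CRYPTOGRAPHIC PROVIDER EkmProvider;
GO
ALTER LOGIN [AppServiceLogin] ADD CREDENTIAL EkmCredential;
GO

-- 4. Create an asymmetric key on the HSM. SQL Server stores only a reference
--    to it; the private key never leaves the device. Use
--    CREATION_DISPOSITION = OPEN_EXISTING to attach to a key already on the HSM.
CREATE ASYMMETRIC KEY EkmRsaKey
    FROM PROVIDER EkmProvider
    WITH ALGORITHM = RSA_2048,
         PROVIDER_KEY_NAME = 'sql_orders_key_v1',
         CREATION_DISPOSITION = CREATE_NEW;
GO

-- 5. A database-local AES key wrapped by the HSM key. Unwrapping it requires
--    the HSM, so a copy of the database alone does not expose the data.
CREATE SYMMETRIC KEY OrdersDataKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY ASYMMETRIC KEY EkmRsaKey;
GO

-- 6. Use it. OPEN SYMMETRIC KEY unwraps OrdersDataKey through the provider,
--    which succeeds only for a session whose login carries EkmCredential.
CREATE TABLE dbo.Orders (OrderId int PRIMARY KEY, CardNumberEnc varbinary(256));
GO
OPEN SYMMETRIC KEY OrdersDataKey DECRYPTION BY ASYMMETRIC KEY EkmRsaKey;
INSERT INTO dbo.Orders (OrderId, CardNumberEnc)
    VALUES (1, EncryptByKey(Key_GUID('OrdersDataKey'), N'4111111111111111'));
SELECT OrderId,
       CONVERT(nvarchar(20), DecryptByKey(CardNumberEnc)) AS CardNumber
  FROM dbo.Orders;
CLOSE SYMMETRIC KEY OrdersDataKey;
GO
```

Run as a login without EkmCredential, the OPEN SYMMETRIC KEY step fails because the provider refuses to unwrap the key, and the SELECT would return NULL for CardNumber; that failure is the administrator separation the text describes, and it depends on the HSM secret in step 3 being known only to the owners of AppServiceLogin.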