Re: Cryptography in SQL Server 2000

From: Christian Olsson (christian.olsson@protegrity.com)
Date: 08/23/02 

From: christian.olsson@protegrity.com (Christian Olsson)
Date: 22 Aug 2002 22:34:37 -0700

I would like to introduce you to Protegrity and its Secure.Data for
SQL Server 2000 Out-of-the-Box database security solution.
 
Often forgotten, the protection, audit and segregation of duties for
sensitive data at rest within the database level are key elements of
security because most data remains at rest in databases for more than
90 percent of its life. A company is vulnerable when its security
solutions focus on perimeter and network, and overlook databases.
 
Secure.Data™ for SQL Server 2000 is an "out-of-the-box" automated
database encryption solution with protected key-management software
for selectively encrypting, securing and controlling access to
enterprise relational database information at the data-item level.
This database security solution is application transparent, which
allows for fast integration, rapid execution, cost-effective security
and privacy compliance. The Solution provides an effective last line
of defense:
 
· Selective and highly secure, column-level data item
encryption

· Cryptographically enforced authorization

· Comprehensive key management

· Secure audit and reporting facility

· Enforced separation of duties

· Interoperability with other security technologies

· Operational transparency to applications

Protegrity developed Secure.Data for SQL Server 2000 in close
co-operation with Microsoft to meet the growing corporate, legislative
and industry-wide privacy and security requirements for securing
content in databases from unauthorized and un-auditable access. For
example, there are industry-wide mandates, such as local privacy laws,
VISA USA Cardholder Information Security Program and also the U.S.
Software and Information Industry Association method of securing
credit card and private consumer data in E-Business sites. It is built
specifically for Internet business solutions using Commerce Server.
The software is interoperability certified for Windows Server 2000;
passed the Commerce Server 2000 Integration Test; and was performance
tested by the SQL Server Test Lab.

Companies select Secure.Data from Protegrity because it delivers an
out-of-the-box security solution that completely protects the
database, is easily implemented in one to three days, and works with
no changes to underlying applications. Protegrity's Secure.Data
database protection and privacy software is an industry-proven
solution for any organization that requires the highest level of
database protection and secure audit trail -- that is why many of the
largest and most successful Fortune 500 companies in the commercial
and consumer finance, investment banking, healthcare, pharmaceutical,
consumer products, and E-Business sectors, including credit card
issuers and processors, are using Secure.Data from Protegrity for
securing information, such as: credit cards, financial, compensation,
secret formulas and patient records in their databases.

Further information about Protegrity's Secure.Data solution for
Microsoft SQL Server 2000, as well as more information about other
Secure.Data information-privacy products and services is available by
contacting Protegrity at:
www.protegrity.com/microsoft

"Anith Sen" <anith@bizdatasolutions.com> wrote in message news:<ONeDVgeSCHA.1496@tkmsftngp11>...
> SQL Server does not provide any inbuilt encyption method.
> You have to use MS Crypto APIs from your front-end to
> develop your own methods to implement encryption solutions.
> If this is for password encryptions, I guess, there are a few
> undocumented methods like PWDENCRYPT, PWDCOMPARE etc which
> you may use (not recommended). Also check out
> http://www.sqlsecurity.com/DesktopDefault.aspx?tabindex=1&tabid=2

Relevant Pages

  • Re: SQL or Access DB
    ... As far as encryption goes though... ... with Sql Server you can use SQL DMO and encrypt your stored procedures ... installation - Security was absolutely critical and in most instances, ... > then we create a nice gui around this database and sell it to automotive ...
    (microsoft.public.dotnet.languages.vb)
  • Re: SQL or Access DB
    ... i am aware of the security modell of SQL server (we do use SQL server ... an end user,,, there is not reall alternative as a worgroup Access database ... MSDE and SQL express are all free ...
    (microsoft.public.dotnet.languages.vb)
  • Gain the best from existing resources to improve data security
    ... Some users sent some requests about password protection of the address ... They are concerned by the security of address book data. ... While putting a lock on an address book program or its database is ...
    (comp.security.misc)
  • Re: PDS LOCk
    ... I can't believe that there wouldn't be naming conventions in place that would allow datasets to be named so as to get appropriate access protection even for test/training/non-production datasets. ... There is no reason why additional groups cannot be established (by a Security Admin) if new access patterns arise. ... If your real goal is to prevent unauthorized updates to a specific database, the UPDATE authority to that database should be restricted, whether other users can get to your JCL or not. ... 1)Iam just a programmer. ...
    (bit.listserv.ibm-main)
  • Re: Cryptography in SQL Server 2000
    ... A company is vulnerable when its security ... > database encryption solution with protected key-management software ... > tested by the SQL Server Test Lab. ...
    (microsoft.public.sqlserver.security)