Databases Reference
In-Depth Information
secure, then you're adding complexity and overhead to your environ-
ment without clearly adding any value to it.
Recovery.
A related issue to key management has to do with recovery.
Can you lose your keys? What happens if you do? Will you never be
able to access your data? Again, this is one of the issues in key man-
agement but one that you should ask yourself (or the tool vendor you
decide on) before you start.
Integration with Public Key Infrastructure (PKI) systems
. This is another
topic that is synonymous with key management. Many of the issues
you need to address when you start encrypting data are similar to
issues that others in other areas of IT also need to address, such as
document management, Web server administration, e-mail systems,
and so on. Because of the common nature of these issues, a category
of tools called PKI has emerged, and these tools offer complete solu-
tions to issues of key management. It would therefore be wise to look
into these capabilities, especially if a vendor of choice for PKI is
already being used within your company.
Backup and restore
. How does encryption affect your backups? There
are two topics you should address. The first is to make sure that back-
ups are done in a way that the data in the backup files is also
encrypted. Otherwise, a thief could simply get the backup files with
the unencrypted data rather than take the data from the database.
The second (and more complex) issue has to do again with key man-
agement. What happens if keys are periodically changed? How do
you save the keys that were used when making the backups, where are
they saved, how are they secured, and how are the backups associated
with the keys without which they are useless?
Clustering
. How does encryption affect your clustering options? Are
keys shared by all clusters of the system, and does your key manage-
ment strategy support your clustering strategy?
Replication
. Are you replicating encrypted data, and, if so, how do
you replicate keys? If you allow a database pointing at your database
to have access to your keys, how do you continue to ensure the secu-
rity of your keys?
Performance
. How will encryption affect database performance?
There is no way around the fact that encryption and decryption will
affect your database performance, and just how much depends on
how much you encrypt, which encryption algorithms you use, and
which encryption solution you select. As an example in a benchmark
Search WWH ::
Custom Search