Presentation is loading. Please wait.

Presentation is loading. Please wait.

Encryption Not just for the NSA anymore

Published byDavid Lorenzo Ríos Padilla Modified over 6 years ago

Similar presentations

Presentation on theme: "Encryption Not just for the NSA anymore"— Presentation transcript:

1 Encryption Not just for the NSA anymore
Eric Blinn Encryption Not just for the NSA anymore

2 Eric Blinn Who is this guy?
Sr Data Content Contact info: ericblinn.com linkedin.com/in/ericblinn Note: This guy is nuts.

3 Agenda Intro to Encryption Backup Encryption
Transparent Data Encryption aka TDE Always Encrypted Connection Encryption Before we get started, let’s talk about what encryption is

4 Encryption – What is it? Reversible obfuscation of data
Reversal depends upon a key From Wikipedia: The intended information, referred to as plaintext, is encrypted using an encryption algorithm generating ciphertext that can be read only if decrypted.  Only part of overall security plan Defense in Depth We’ll do the exact opposite of this at the end

5 Encryption – Why should I care?
GDPR - General Data Protection Regulation EU Privacy Law, Effective May 2018 2 Levels of fines, Lower Level and Upper Level Up to €10 million, or 2% of annual worldwide revenue, whichever is higher Up to €20 million, or 4% of annual worldwide revenue, whichever is higher US Based Data Breach Settlements* Anthem (2017) — $115M Home Depot (2017) — $25M Target (2015) — $28.5M *

6 Backup Encryption Now that I’ve scared you into listening….

7 Backup Encryption Introduced in SQL Server 2014 Standard or Enterprise Edition Encrypts native backup files Based on certificate stored securely within SQL Server engine BACKUP DATABASE MyDB TO DISK = N'c:\backups\WideWorldSecure.bak' WITH ENCRYPTION(ALGORITHM = AES_256, SERVER CERTIFICATE = [BackupCert])

8 Transparent Data Encryption

9 Transparent Data Encryption (TDE)
Introduced in SQL Server 2008 Enterprise Only! Encrypts MDF/NDF/LDF files only Does so at rest only Server side encryption/decryption Based on certificate stored securely within SQL Server engine Data encrypted as written to disk, decrypted as read from disk. Not encrypted in buffer pool, BPE, or communication channel. User has no idea.

10 Transparent Data Encryption (TDE)
TempDB gets encrypted Backups inherently encrypted Must use MAXTRANSFERSIZE or lose backup compression Can be combined with backup encryption Should be different certificate from backup certificate Non-blocking operation while being encrypted What did we learn from the demo?

11 Always Encrypted

12 Always Encrypted Introduced in SQL Server 2016 All Editions (SP1) Encrypts specific columns Client side encryption/decryption Based on certificate stored on client machines Data encrypted client side. Stays encrypted in buffer pool, etc

13 Always Encrypted Deterministic vs Non-Deterministic Column limitations based on constraints and data types Is different certificate than backups or TDE Blocking operation while being encrypted What did we learn from the demo?

14 Connection Encryption

15 Connection Encryption
Available in all versions/editions of SQL Server Encrypts data “in-flight” Client and Server side encryption/decryption Secure Socket Layer (SSL)

16 Certificate Importance

17 Certificates Are Important!!
Back up your certificates. Do not lose your certificates. Store them safely and securely. Without them you have nothing.

18 Defense in depth

19 Eric Blinn Sr Data Architect, Squire Patton Boggs
Thank you! Eric Blinn Sr Data Architect, Squire Patton Boggs M O V I N G Y O U F O R W A R D Q + A time

Download ppt "Encryption Not just for the NSA anymore"

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Oracle Database Security

Oracle Database Security
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Overview and Roadmap for Microsoft SQL Server Security

Overview and Roadmap for Microsoft SQL Server Security
Gavin Payne Transparent Data Encryption The Hows, Whys and Whens.

Gavin Payne Transparent Data Encryption The Hows, Whys and Whens.
Oracle Database 12c Data Protection and Multitenancy on Oracle Solaris 11 Xiaosong Zhu Senior Software Engineer Copyright © 2014, Oracle and/or its affiliates.

Oracle Database 12c Data Protection and Multitenancy on Oracle Solaris 11 Xiaosong Zhu Senior Software Engineer Copyright © 2014, Oracle and/or its affiliates.
Jim McLeod MyDBA  SQL Server Performance Tuning Consultant with MyDBA  Microsoft Certified Trainer with SQLskills Australia 

Jim McLeod MyDBA  SQL Server Performance Tuning Consultant with MyDBA  Microsoft Certified Trainer with SQLskills Australia 
Mobile and Wireless Communication Security By Jason Gratto.

Mobile and Wireless Communication Security By Jason Gratto.
Introduction to SQL Server 2000 Security Dave Watts CTO, Fig Leaf Software

Introduction to SQL Server 2000 Security Dave Watts CTO, Fig Leaf Software
Roy Ernest Database Administrator Pinnacle Sports Worldwide SQL Server 2008 Transparent Data Encryption.

Roy Ernest Database Administrator Pinnacle Sports Worldwide SQL Server 2008 Transparent Data Encryption.
VM Azure Storage Backup to Azure Storage On Premise Data Files in Azure Storage Optionally Managed Microsoft Azure Secondary Primary AlwaysOn.

VM Azure Storage Backup to Azure Storage On Premise Data Files in Azure Storage Optionally Managed Microsoft Azure Secondary Primary AlwaysOn.
Implementing Secure IRC App with Elgamal By Hyungki Choi ID : 2001523 Date : 12-17-2001.

Implementing Secure IRC App with Elgamal By Hyungki Choi ID : Date :
Web Database Security Session 12 & 13 Matakuliah: Web Database Tahun: 2008.

Web Database Security Session 12 & 13 Matakuliah: Web Database Tahun: 2008.
#SQLSAT454 SQL Server 2016 New Security Features Gianluca

#SQLSAT454 SQL Server 2016 New Security Features Gianluca
SQL SATURDAY #444 – Kansas City, MO. A LOOK AT ALWAYS ENCRYPTED SQL SATURDAY #444 – KANSAS CITY, MO DAVE WALDEN PRINCIPAL SOLUTIONS ARCHITECT DB BEST.

SQL SATURDAY #444 – Kansas City, MO. A LOOK AT ALWAYS ENCRYPTED SQL SATURDAY #444 – KANSAS CITY, MO DAVE WALDEN PRINCIPAL SOLUTIONS ARCHITECT DB BEST.
The Encryption Primer Steve Jones Editor SQLServerCentral.

The Encryption Primer Steve Jones Editor SQLServerCentral.
March 7, 2013 SQL Encryption and You By Todd Kleinhans

March 7, 2013 SQL Encryption and You By Todd Kleinhans
Over 18 yrs experience with SQL Server

Over 18 yrs experience with SQL Server
Secure SQL Database with TDE Thomas Chan SQL Saturday 445 - Raleigh.

Secure SQL Database with TDE Thomas Chan SQL Saturday Raleigh.
End to End Always Encrypted in SQL Server 2016 Steve Jones SQLServerCentral Redgate Software.

End to End Always Encrypted in SQL Server 2016 Steve Jones SQLServerCentral Redgate Software.

Similar presentations

Ads by Google