Time to get serious with encryption

just read an article indicating the some states in the US are making data encryption on disk and on the wire compulsory with some pretty hefty fines

(see http://www.sqlmag.com/article/sql-server/A-New-Law-that-Will-Change-the-Way-You-Build-Database-Applications.aspx)

This pretty much means that soon you’ll need at least transparent data encryption and protocol encryption on every single SQL Server. Happy days for Microsoft in terms of the government practically forcing people to buy Enterprise Edition !!!

While I’ve been a big fan of SSL encryption on web servers to browsers, I was never fond of encrypting the pipe between the database and the app server. usually (on most systems I’ve been involved with locally here) the two boxes are like right next to each other, often with a private LAN. If someone had compromised the physical network at that point, network protocol encryption would be the least of your worries. But with increased security awareness I guess time are changing and we are going to eventually have encryption from disk to client regardless of level of threat.

lets hope no one passes a law saying that we have to have data encrypted in memory as well as on disk and on the wire!! An encrypted buffer pool would make querying fun…

Comments (0)