[ale] [OT] TDE - effective, theatre or in between?

JD jdp at algoloma.com
Fri Aug 9 16:08:16 EDT 2013


So ... DB2 is the answer?  Say it ain't so!

On 08/09/2013 04:05 PM, Jim Kinney wrote:
> yay! Someone else having HIPAA fun!
> 
> I would argue LOUDLY that unless the DB supports something as potent as
> SEPOSTGRES (column locking at the kernel level) and fully-encrypted filesystem
> then it's not safe to even consider it. That will block out M$ AND Oracle :-)
> 
> row-level locking with sepostgres is not ready for primetime.
> 
> Now talk to them about MLS security and watch their eyes pop.
> 
> 
> On Fri, Aug 9, 2013 at 3:36 PM, Sid Lane <jakes.dad at gmail.com> wrote:
> 
>     can anyone cite a known PII/PHI breach which all else equal TDE would have
>     prevented?  if not can you describe such a hypothetical breach (again, all
>     else equal)?  no points for lost unencrypted backups - that's operator error
>     & trivially avoided..
> 
>     I've been tasked with developing & deploying a database encryption strategy
>     for HIPAA-governed PHI & have lots of people touting M$ and/or Oracle TDE.
>      I've put a fair bit of effort into studying each and I'm having a hard time
>     envisioning actual vectors and/or real world attacks against which they
>     would protect (again, all else equal).  as near as I can tell they DO
>     guarantee that your backups are encrypted which does have merit but there
>     are dozens of non-TDE (virtually all far cheaper) to encrypt a database
>     backup.  additionally, as near as I can tell they decrypt into shared memory
>     & may (but don't require) re-encrypt for transport (SSL to client).  am I
>     wrong on these points?
> 
>     I was on a call today w/a vendor where it was asked:  "well, what if they
>     physically steal your server?"  to which I replied:  "well, they'd have a
>     nice doorstop since database is on SAN" which naturally begged:  "well, what
>     if they steal your SAN?" - um, if someone's able to steal a multi-cabinet
>     VSP in under four hours without at least six people & a pallet jack & get
>     it off your dock then database encryption (or lack thereof) may not be your
>     highest priority...
> 
>     I realize we're probably still going to have to do it anyway to appease
>     auditors, govt, etc - I just want to know if there's something I'm missing
>     that will convince me this is substantive & not theatre...
> 
>     thanks!
> 

