- Why Encrypt?
- What to Encrypt?
- Encryption over the Wire
- Encryption Methods
- Encryption At Rest
- Encryption Methods
- IBM DEE
- Using DEE with Informix
- Cooked Devices
- Raw Devices
Administrating and Developing with Informix
MarkJamison 100000ESF6 Tags:  security informix query database encryption expert vormetric 2 Comments 3,785 Visits
So as it has been painfully obvious, I haven't been blogging particularly frequently over the past few months. Now on the one hand, you could just say that the "honeymoon period" for me on the blog is over, but the truth is I've been buried in regulatory compliance stuff and other security-related issues. Of late, I've been working especially hard with a customer on implementing IBM Database Encryption Expert and Informix. It's been challenging learning a product that is focused on being integrated into the OS layer, but fun too. Of late though, I've wondered how much that might apply to application developers. Sure, the intent is to be as transparent as possible, but if your data has to be encrypted/unencrypted, do you want to know about it? And if so, how much?
So anyway, I'm asking for feedback as to whether you would like to hear a bit more about encrypting databases, the methodologies, and what I firmly believe is the best choice for Informix, well ok all, databases.
So the next question we have, now that we know why we encrypt, is what to encrypt.
Ultimately we have only two areas to encrypt. The first area is encrypting our network connections and the data that goes across them. The second is encrypting the actual data when it is "at rest", which is an industry term for encrypting the data where it has permanent or near-permanent storage.
Different compliance standards request different things. Some only care about the storage, others only the "in flight", and some require both. You have to know what your requirements are if you only want to do some encryption, versus going wholesale.
It is important to remember that any encryption carries a performance cost. Some less than others, but a cost nonetheless.
My next post on this topic will be the network options for encryption.
So I'm sure I can hear it now: why even bother with asking the question "why encrypt"? We've been told to do it, and so we need to. You can certainly look at it that way, but the different reasons to encrypt impact application developers differently. In some cases it means you have to make changes to your application, in other cases it means major changes to your application, and in still other cases it means no changes to your application at all.
A quick legend for those unfamiliar with the terminology of securing data:
"over the wire" means that you encrypt or secure your network connection; SSL is a common method of "over the wire" encryption.
"at rest" means that the place where your data is stored is secured. I would love to call this "disk level encryption", but the truth is DLE is a method used for encrypting data "at rest", and therefore just causes too much confusion when used.
Here are the primary reasons to get into the encryption game, and the impact it likely has on an application developer: