CAMPBELL, Calif., Aug. 5, 2014 -- Porticor®, a leading cloud data security
company delivering the only cloud-based data encryption and key management solution that infuses trust into the cloud and keeps cloud data confidential, today announced that it supports Microsoft
SQL Server Transparent Data Encryption (TDE), securing Microsoft’s database in cloud infrastructures with its Porticor Virtual Private Data (VPD).
Porticor’s software-defined key management solution eliminates risks surrounding storing SQL Database Encryption Keys (DEK) on the database server, where they can be compromised or stolen. Porticor integrated with Microsoft’s Transparent Data Encryption secures data through strong encryption, and also protects it from “root” access by administrators. The Porticor solution supports virtual systems, and private and public clouds.
Storing the data encryption keys in Porticor’s key management service, Porticor’s MS SQL Server plugin is a small installable package that can be added to a running SQL Server database with minimal configuration through normal SQL statements. The Porticor appliance is set up in minutes, and since it is a generic key management system it does not need to be configured to enable integration with a SQL Server. Uniquely, due to Homomorphic Key Management and Split Key Encryption technologies, the solution provides both secure key storage and secure key caching with no hardware needed, combining high security with top performance.
“Since SQL servers often hold an organization’s most important information, they are a favorite target for attacks,” said Gilad Parann-Nissany, Porticor founder and CEO. “Microsoft’s Transparent Data Encryption feature encrypts the database, but in cloud computing the question of encryption key management comes into play. With Porticor, the DEKs are never stored on the SQL Server disk, are protected by a ‘split key’ method, and remain under control of the customer, eliminating the chance of the keys getting stolen or hacked.”
Microsoft created the Extensible Key Management (EKM) API to provide integration between the SQL Server and a Hardware Security Module (HSM) key management system or a software-defined key management solution, such as Porticor. EKM supports Transparent Data Encryption to protect SQL Server data. With Porticor’s EKM integration, the DEK is encrypted by an asymmetric key that never leaves the key management system, and is itself protected through Homomorphic Split Key Encryption. When the database is started, it authenticates into the Porticor virtual appliance and retrieves the DEK. Since the DEK is never stored on the SQL Server’s disk, if the disk is ever removed and discarded, its encrypted tables cannot be decrypted. In addition to wholesale database encryption, EKM and Porticor’s advanced API enable fine granular encryption of specific tables, database row, columns and records. (continued...)