Therapy Software Uses TDE to Improve Corporate Compliance Management
What is Transparent Data Encryption?
A new level of encryption called TDE is now available. TDE is full database-level encryption: rather than being limited to individual columns or rows, it protects the data files and log files as a whole. Implementing TDE on a database is comparatively simple and transparent to the applications that connect to the selected database; it does not require any changes to the existing applications. The protection is applied to the data files and log files as well as the backup files. Once TDE is enabled on a database, restoring a backup to another SQL Server or attaching the data files to another SQL Server will not be permitted until the certificate that was used to secure the database encryption key (DEK) is available on that server.
The encryption is executed at data pooling level and secures connections as well as data files. TDE applies its encryption at the page level: once enabled, pages are encrypted before they are written to disk and decrypted when they are read into memory. The diagram below shows how SQL Server encrypts a database with TDE:
Transparent Data Encryption encrypts the database with a Database Encryption Key (DEK) that is stored in the database boot record. The DEK is secured by a certificate that is stored in the master database. Optionally, the DEK can instead be secured by an asymmetric key that resides in a Hardware Security Module (HSM), with the support of Extensible Key Management (EKM). The certificate's private key is encrypted with the database master key, a symmetric key that is usually protected by a strong password. Note that although a certificate can be secured by a password, TDE requires that the certificate be secured by the database master key. The database master key is in turn protected by the service master key, which is itself protected by the Windows Data Protection API (DPAPI).
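The key hierarchy described above (service master key, database master key, certificate, DEK) is built with a handful of T-SQL statements. The script below is an added example, not CarePoint's or Microsoft's own code; the database name CarePointDB, the certificate name TDECert, the file paths and the passwords are placeholders to be replaced.

```sql
-- Added example: enable TDE on a database by building the key hierarchy
-- from the master database downwards. CarePointDB, TDECert, the file
-- paths and the passwords are placeholder assumptions.
USE master;
GO

-- 1. Database master key in master, protected by a strong password.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-placeholder>';
GO

-- 2. Certificate in master; its private key is encrypted by the master key,
--    which is what TDE requires (a password-protected certificate will not do).
CREATE CERTIFICATE TDECert WITH SUBJECT = 'TDE certificate for CarePointDB';
GO

-- 3. Back up the certificate and its private key right away and store the
--    files off the server. Without them, a backup of the encrypted database
--    cannot be restored on, or its files attached to, another SQL Server.
BACKUP CERTIFICATE TDECert
    TO FILE = 'C:\keys\TDECert.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\keys\TDECert.pvk',
        ENCRYPTION BY PASSWORD = '<private-key-backup-password-placeholder>');
GO

-- 4. DEK inside the user database, secured by the server certificate.
USE CarePointDB;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TDECert;
GO

-- 5. Switch encryption on. Existing pages are encrypted by a background
--    scan; applications keep running unchanged meanwhile.
ALTER DATABASE CarePointDB SET ENCRYPTION ON;
GO

-- 6. Verify. encryption_state 2 = encryption in progress, 3 = encrypted.
--    tempdb also appears here: it is encrypted automatically once any
--    database on the instance uses TDE.
SELECT DB_NAME(database_id) AS database_name,
       encryption_state, key_algorithm, key_length
FROM sys.dm_database_encryption_keys;
GO
```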
Advantages of Transparent Data Encryption
As a security administrator, you can be sure that sensitive data stays protected if the storage media or a data file is stolen.
Implementing transparent data encryption helps you address security-related regulatory compliance requirements.
You do not need to create triggers or views to decrypt data. Data from tables is transparently decrypted for the database user.
Database users need not be aware of the fact that the data they are accessing is stored in encrypted form. Data is transparently decrypted for the database users and does not require any action on their part.
Applications need not be modified to handle encrypted data. Data encryption/decryption is managed by the database.
CarePoint Therapy Management System
CarePoint is a web-based therapy software system used by skilled nursing facilities and outpatient therapy providers. Effective clinical management of their practices and high-quality patient care are these providers' primary concerns; data warehousing for effective decision support, systems integration, and database security are equally important to them.
CarePoint is written in Visual Basic .NET using the latest tools that Microsoft has to offer. One of these tools is SQL Server 2008, which provides full database-level encryption through TDE. As stated in the technical article above, "TDE is the optimal choice for bulk encryption to meet regulatory compliance or corporate data security standards."
The major advantage of using SQL Server 2008 with TDE is that your patient and other corporate information is encrypted within the database engine for every application that uses SQL Server 2008, without affecting those applications. Before SQL Server 2008, implementing encryption in a database traditionally involved complicated application changes such as modifying table schemas, removing functionality, and accepting significant performance degradation. That is now in the past.
In summary, Microsoft has addressed corporate and regulatory data encryption requirements by implementing encryption at the database engine level as opposed to the application level. Keep in mind that SQL Server is one of the most widely used database engines in the world. In order for Microsoft to stay competitive with other database engines, they strategically implemented this powerful solution for encrypting data within their database engine. This was a great move.