SQL Server Column Level Encryption - Case Study Example

SQL Server Column Level EncryptionProblem Research firms have sensitive information and data that they must protect for two major reasons. Firstly, sensitive data can be harmful to the company’s investment if it is accessed by rivals or unauthorized personnel who can use it against the firm. Identically, exposure of sensitive data to unauthorized personnel is harmful to the parent firm as it may suffer from corporate espionage. Additionally, sensitive data may trigger other research firms to implement their replica research findings prior to the parent’s firm implementation thus leading to losses due to under par returns.

Even though firms try to encrypt data with various methods and keys, it has been noted that these companies are exposed to two major categories of threats (Jayanty, 2011). Chiefly, restricting access to sensitive information is a basic protective approach to the firm’s data. However, considering that cyber-attacks comprise of a major threat to business and research firms, it is observed that access restriction is not enough. Consequently, encrypted data and restricted access to sensitive information suffers from the possible virus attack that can destroy the data rather than expose it.

With this in mind, ABC Institute of Research and XYZ Inc. are vulnerable to losing data or having their research finding on genetics expose to their rivals. For this reason, column level encryption using symmetric keys (Aqarwal, 2011).Solution Under the circumstances defined above, when encrypting data, it is important to note that data can be accessed in two ways. Firstly, sensitive data is stored in forms of memory and anyone can have access to these memory devices. Secondly, sensitive data can be acquired from its storage device for access in another device.

As a result, data encryption should ensure that once an unauthorized personnel is able to get to the data, access to that data is not discernable using a simple query. Ordinarily, ABC and XYZ would store their research findings in various columns that comprise of genetic patterns, associations, links, and procedures of deciphering various DNA codes that all need to be encrypted. Using the SQL Server Symmetric key encryption, the SQL Server allows the encryption hierarchy that needs to be followed to the latter.

Forthwith, the hierarchy allows the creation of a master key for the SQL Server which provides the first step of encrypting the database using a password. Following the need to encrypt data, schema changes are required especially if data is varchar datatype. Ideally, the use symmetric key is to ensure that once, encrypted, the data can be accessed by the two collaborating firms through decryption. In order to access encrypted data, specified users are provided with two levels of passwords, one being the master key and second being the certificate encryption key.

Uniquely, a certificate is created as a digitally signed security object that helps in the determination of authorized and unauthorized access to a database.Advantage of the Solution The use of column level encryption provides users, in this case the research firms, the option of encrypting only the sensitive data on the various columns that may be specified within the SQL Server Database. In addition, the encrypted data can be decrypted at a later date for use by the principle firms. In favor of more secure data, column level encryption ensures that virus attacks are prevented as the encrypted data is prevented from reading, modification, or deletion (Jayanty, 2011).

Disadvantage of the Solution On contrary to the advantages of column level encryption using symmetric key, servers and databases with too many columns tend to consume too much time, time that could be put in better use had other methods been used.ReferencesAqarwal, N. (2011). SQL Server Column Level Encryption Example using Symmetric Keys. Retrieved online on May 23, 2014 from http://www.mssqltips.com/sqlservertip/2431/sql-server-column-level-encryption-example-using-symmetric-keys/Jayanty, S. (2011). Microsoft SQL Server 2008 R2 administration cookbook.

Packt Publishing Ltd.