Best patterns for encrypting database columns/tables in SQL Azure

Problem

Azure SQL doesn't support many of the encryption features found in SQL Server (Table and Column encryption). What is the best practice for doing application level encryption into a database that doesn't support encryption? Also need

  • Key rotations
  • Metadata mapping of which tables and which columns are encrypted. This is simple when it's just a couple of columns (send an email to all devs/document), but that quickly gets out of hand.

If someone would like to recommend a library, I'd be happy to stay away from "DIY" too.

Solution

I think that your problem can be solved with the MS framework called "Trust Services".
Buck Woody explains in this article how you can use it to solve problems of encrypted data with SQL Azure. From his article, a short description about how to use Trust Services:

"With the new Trust Services service, the basic process is that you
use a Portal to create a Trust Server using policies and other
controls. You place a X.509 Certificate you create or procure in that
server. Using the Software development Kit (SDK), the developer has
access to an Application Layer Encryption Framework to set fields of
data they want to encrypt. From there, the data can be stored in SQL
Azure as a standard field – only it is encrypted before it ever
arrives."

Further reference:

  • Learn More about Microsoft Codename "Trust Services"
  • Using Certificate-Based Encryption in Windows Azure Applications
  • Crypto Services and Data Security in Windows Azure
  • SQL Azure: Securing SQL Azure

Context

StackExchange Database Administrators Q#29030, answer score: 2
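
The pattern the answer describes (encrypt chosen fields in the application before they reach SQL Azure), combined with the key rotation and column-metadata map the question asks for, as an added example that is not part of the original post and does not use the Trust Services SDK. All names (`ENCRYPTED_COLUMNS`, `keyRing`, `protectRow`, the `Customers` table) are hypothetical, and the keys are generated inline as constructed sample data.

```javascript
// Added example: hypothetical names throughout; not the Trust Services SDK.
const crypto = require('node:crypto');

// Metadata map: the single source of truth for which columns hold ciphertext.
const ENCRYPTED_COLUMNS = { Customers: ['Ssn', 'CardNumber'] };

// Constructed key ring. In production the keys come from a key store, not code.
const keyRing = {
  current: 'k2',
  keys: { k1: crypto.randomBytes(32), k2: crypto.randomBytes(32) },
};

// Stored format: keyId:iv:tag:ciphertext (base64 fields). Table and column
// are bound as AAD so a value cannot be moved to another column undetected.
function encryptField(table, column, plaintext, keyId = keyRing.current) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', keyRing.keys[keyId], iv);
  c.setAAD(Buffer.from(`${table}.${column}`));
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return [keyId, ...[iv, c.getAuthTag(), ct].map(b => b.toString('base64'))].join(':');
}

function decryptField(table, column, stored) {
  const [keyId, iv, tag, ct] = stored.split(':');
  const key = keyRing.keys[keyId];
  if (!key) throw new Error(`unknown key id ${keyId}`);
  const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(iv, 'base64'));
  d.setAAD(Buffer.from(`${table}.${column}`));
  d.setAuthTag(Buffer.from(tag, 'base64'));
  return Buffer.concat([d.update(Buffer.from(ct, 'base64')), d.final()]).toString('utf8');
}

// Encrypt only the columns the map lists, just before the row is written.
function protectRow(table, row) {
  const out = { ...row };
  for (const col of ENCRYPTED_COLUMNS[table] || []) {
    if (out[col] != null) out[col] = encryptField(table, col, String(out[col]));
  }
  return out;
}

// Rotation: re-encrypt a stored value only if it was written under an old key.
function rotateField(table, column, stored) {
  if (stored.startsWith(keyRing.current + ':')) return stored;
  return encryptField(table, column, decryptField(table, column, stored));
}
```

Storing the key id with each value keeps old rows readable while a background job runs `rotateField` over them; a key can be retired once no stored value carries its id.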
