With a SafeNet hardware security module you can increase the security of your encrypted SQL database (SQL Encryption) by offloading select key management functionality to dedicated crypto processor and separating cryptographic keys from encrypted data.
SafeNet is the first HSM vendor to work with Microsoft SQL Server 2008, a relational database management system that provides organizations with a highly secure data platform for storing and managing sensitive data. Unlike its predecessor releases, Microsoft SQL Server 2008 enables the use of third-party HSM devices for storage of keys and cryptographic operations, such as key creation, deletion, encryption, and decryption for complying with security best practices and PCI DSS mandates.
The integration of SafeNet Luna hardware security modules with Microsoft SQL Server allows storage of the server's master cryptographic keys-the foundation of any robust security solution-within the hardware a hardware-based root of trust. The high-assurance Luna SA provides a verifiable audit trail as evidence that your keys have been properly secured throughout their entire life cycle.
SQL Encryption and Extensible Key Management
Traditionally, all symmetric and asymmetric Keys used by SQL Server reside in the database itself; however the Extensible Key Management (EKM) feature of SQL Server allows key creation, storage, encryption and decryption to be done outside the database using a hardware security module (HSM).
SafeNet Luna SA and Luna PCI-E offer users of Microsoft SQL Server two flexible SQL encryption options for their deployment scenarios. Luna SA is a network-attached HSM for applications where security and performance are the priority. Luna SA can be leveraged by many servers, offering the ability to securely partition and share the HSM resource.
Luna PCI-E is a PCIe-card form factor HSM that connects to the server in the PCI-express bus and provides seamless deployment to a wide range of security applications. Luna PCI-E is a high-security cryptographic PCI accelerator card that is embedded directly into the database server for added security and provides accelerated cryptographic performance and CPU offload. Both HSMs are widely used by major governments, financial institutions, and large enterprises around the world for hardware-based key management and increased cryptographic performance.
view Benefits of SQL EncryptionBenefits of SQL Encryption & SQL Security with SafeNet HSM:
- Increased security through separation of cryptographic keys from encrypted data
- Data encrypted using keys that only the database user has access to on the external HSM
- Cost-effective extensibility of Microsoft platform
- Transparent Data Encryption (TDE) support
- Enables users to meet PCI DSS standards
- FIPS 140-2 Level 3 validated root key protection/
view HSM Products For SQL Encryption"SafeNet’s Luna SA provides organizations using SQL Server 2008 additional security features to help meet today’s ever-evolving data threats and compliance mandates. Organizations can add a layer of security technology that protects keys to be separate from the data it protects while accelerating complex features such as key rotation.”
Mark Jewett, Director of SQL Server Marketing, Microsoft
view More InformationMicrosoft SQL Server Solutions
SafeNet partners with leading technology companies to provide the most advanced data protection offerings available. SafeNet is proud to be the only security Platinum sponsor of the Microsoft SQL Server 2008 R2 Launch!
To learn more about this partnership, click here.
SQL Resource Library
To learn more, please refer to our resources below.
To aid a successful and secure Public Key Infrastructure (PKI) implementation, this article examines the essential concepts, technology, components, and operations associated with deploying a Microsoft PKI with root key protection performed by a SafeNet Luna Hardware Security Module (HSM).
Looking for Ways to Provide Greater Application Security and Performance? Join Michael Coles, author and Microsoft SQL MVP for a free webinar on SQL Server 2008 Encryption - EKM Encryption Use Case Scenarios. Michael will describe common scenarios for encryption and discuss the best practices around implementation - including details about EKM, TDE, HSM, and other technologies that can be used to best accomplish the objectives.