Bluedog whitepaper securing data
www.bluedog.net 1 of 15
Bluedog White Paper
Locking up Your Data, Tight
Bluedog’s Method for Securing Information in Legacy Databases
Security: No matter what vendor’s database you are using,
the important data stays encrypted, away from prying eyes.
Even if the database walks out the door with the DBA,
there’s no way to get at the most critical information
without authorization.
High-Performance: Using intermediate web services to
provide the encryption/decryption, throughput is extremely
high, and can often be wired into existing web applications
with little effort.
Reliable: The appliance servers scale easily, and are rated
at thousands of hours mean time between failures. Key
management and other services are segregated by user
roles.
Easy-to-Manage: With a web-based interface and role-
based access control, it’s easy to manage who can decide
what data to encipher, and who can view or update that
information. Meets or exceeds policy and legislative
compliance in the U.S. and E.U.
Purpose of This Paper
This paper provides you with an overview of the data
security process Bluedog architects for most enterprise
applications. It is not meant as an in-depth exploration of
encryption (although some familiarity with data security
concepts may help you); rather, it provides an overview
of a way to handle confidential data that makes that data as
secure as possible while still being accessible. This paper is
intended to explain how the architecture is put together,
and why it is a reasonable way to mitigate the risk of
confidential data being misappropriated.
Why Do You Need to Lock Up Data in the Database?
Just reading the headlines should give you impetus enough
to want to lock up sensitive data inside the database in
which it is stored. Even as organizations have gotten good
at leveraging information technology to increase access to
information, they’ve failed to keep up with the security of
that information – sometimes with disastrous results. In
today’s internet world, how well you secure your data is as
important as, or more important than, how well your stakeholders can use it.
Many times the threat to data comes from within the
organization – unwitting users exposing data on laptops lost
or stolen. Worse, insiders such as database administrators
could compromise sensitive data or even just steal it.
Outside attack of course remains a huge concern. When
your organization has complex IT environments, you may
not even be sure your data is protected, or know by what
means it is secure.
Finally, privacy concerns have spawned legislation in the
U.S. and the E.U. Mandates that cut across industry and
geography are meant to quell the rising identity theft
problems facing all of us. But having insufficient protections
could also open organizations up to breach of trust or run
afoul of laws and regulations across borders. An
organization cannot afford the public relations, legal and
other risks. The approach Bluedog outlines in this paper can
be used to mitigate all these risks.
While protecting sensitive data at all times is common
sense, a number of laws and regulations mean you can be
liable for not being a good steward:
• The Federal Information Security Management Act of
2002 (FISMA) mandates that senior agency officials
assess the risk and magnitude of harm that could
result from unauthorized access to data, to
determine levels of information security needed to
protect such information, and implement policies and
procedures to reduce risk to acceptable levels.
• The Health Insurance Portability and Accountability
Act (HIPAA) requires best practices for the protection
of personal data, and covers electronic information in
storage and in transmission.
• The European Union has issued several directives
since 1995 concerning the collection, dissemination
and storage of private data. Directive 95/46/EC, for
example, forbids the export of data to countries
not providing adequate data protection. Finally, this
directive calls on each Member State to apply the
national provisions it adopts pursuant to this
Directive to the processing of personal data. This
means your organization could be subject to multiple
jurisdictions’ laws regarding handling private data.
The Bluedog approach enhances internal control of data
access, and puts it into the hands of authorized security
personnel, not developers, database administrators or
general users. The Bluedog approach uses a centralized and
hardened appliance that encrypts and decrypts on the fly,
providing a means of addressing the regulatory framework
in one easy step. Tamper resistance and physical/logical
access control are all areas the Bluedog approach
addresses.
How It Works
Bringing data security to the entire enterprise could be a
daunting task. The approach outlined in this paper is simple
enough to implement in a short time frame, and relies on
three key elements:
• Identifying the data that needs to be secure,
regardless of the databases it may live in.
• Protecting data from external and internal threats, while
complying with appropriate legislative and policy
mandates.
• Providing a central, easy-to-use interface for setting
access rules, without the need for re-compiling code
or engaging expensive consultants.
Granular encryption via a middle-tier web service, with
centralized security mandate, addresses most of the
concerns your organization faces in the wide range of
security gaps: from intrusion to misappropriation. This is
done with transparent encryption -- transparent to
legitimate users, not to unauthorized ones.
Exhibit: Overview of Approach
High-Level Architecture
The Bluedog approach works seamlessly with leading
database vendors (Oracle, Microsoft SQL Server, MySQL,
Sybase) that support JDBC. The web services approach
secures data at the column level (field), in one or more
databases. Typical uses are to encrypt credit card numbers,
social security numbers, account or other financial data,
even passwords.
A browser-based management console significantly
streamlines administration, and access control is set in a
rules engine. This means you don’t have to rely on your IT
department or developers to re-code and re-compile when
you want to make changes to accessing the data.
Making use of the services is as simple as adding a few
classes to existing applications. Pushing data through a
portal greatly increases the reach, as well. This means fast
implementation and little disruption to applications tied to
the database(s) in question.
The Bluedog approach is comprised of three components:
• A dedicated, hardened and secure appliance server
(or servers in an enterprise configuration), running a
specialized Unix operating system.
• Web services to provide the encryption/decryption
routines, and the rules engine for managing keys
and access control lists, and
• A web-browser based user console for platform-
independent control of the system.
The exact cryptographic engine can be swapped out with ease,
depending on the level of strong encryption desired.
Bluedog recommends Blowfish, Tiger, DES3 or any Java-
compatible libraries.
Exhibit: Plaintext to enciphered text, using a symmetric key
Once columns in various databases have been identified as
requiring a high level of security, your developers add the
needed classes to their applications, and an automated
process is used to bulk encrypt the data. Anticipate a
process of identifying the sensitive data, implementing the
code to make use of the web services, and the bulk
processing over a period of a few weeks or months,
depending on the agility of your organization.
The model presented here is meant to cover the following
processes:
• Migration of data in one or more databases from plaintext
to enciphered data, with any schema changes needed
to accommodate the new approach.
• Insertion of Java or .NET classes to make use of
the web services, and establishment of discovery and
authorization of those services.
• Real-time/on-demand encrypt/decrypt when data is
requested from the database(s).
• Key management, rotation of keys and other
housekeeping chores.
• Authentication of users/groups via the rules engine,
and
• Cultural and policy shifts to fully benefit from this
model for handling sensitive or private data.
Exhibit: High-Level Architecture of The Bluedog Approach
Encryption Nuts-and-Bolts
The Bluedog approach is based on you defining what data
you want encrypted. Identifying that information in the form
of columns in databases helps narrow down just what has to
be processed. This approach lets you tailor policies
appropriate to specific data, no matter who is ‘consuming’
it. This is in stark contrast to the “bulk” encryption of entire
disks or storage area network devices, which can cause
performance bottlenecks and actually work against you by
limiting access to legitimate data.
Exhibit: End-to-End PKI Process
Take the case where you store social security numbers in a
database. In a table labeled “client”, with columns such as
address, email, etc., the important field is the
social_security column.
Exhibit: Sample Database Table
CLIENT
First_name  Last_name  SS_N         Address           Email
John        Smith      555-55-1234  123 Other Street
Joe         Bell       555-55-1235  321 Any Street    [email protected]
Jane        Doe        555-55-1236  213 Anyother St   [email protected]
After deciding that the SS_N column is the one to protect,
no matter who accesses the database, the Bluedog
approach is to run the batch encryption processing on the
chosen column. Developers would have to add the
necessary classes to call the web services, and an access
control list would have to be set up in the rules engine to
handle who has read-, read/write, or other combinations of
access to the specific data. Database scripts copy the
tables, change the column types to accommodate the
enciphered data, and post-process the columns after
encryption.
Subsequent reads of the tables are processed by the rules
engine. When sensitive data is to be displayed or entered,
it is processed by the web services.
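The client-table case above, and the process list before it (bulk migration, on-demand encrypt/decrypt through a middle-tier service, appliance-held keys with rotation, and an access-control list in a rules engine), as one added example. This is not Bluedog's code: the stored-value format (`k<key_id>:<base64>`), the role names, the `client` table contents and the stdlib-only cipher are all constructed here; the cipher is a stand-in that exposes the same `encrypt()`/`decrypt()` interface a swappable engine such as Blowfish or 3DES would, and runs against an in-memory SQLite table.

```python
# Added example, not the whitepaper's code. Assumed: stored format
# 'k<key_id>:<base64(nonce||ct||tag)>', roles 'billing' and 'dba', and a
# toy stdlib-only engine standing in for the appliance's swappable cipher.
import base64
import hashlib
import hmac
import secrets
import sqlite3


class HmacCtrEngine:
    """Toy engine: HMAC-SHA256 keystream in counter mode, then an HMAC tag
    over nonce||ciphertext (encrypt-then-MAC). Any class with this
    encrypt()/decrypt() shape can be dropped in as the 'swappable engine'."""

    def __init__(self, key: bytes):
        self.enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
        self.mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()

    def _xor_stream(self, nonce: bytes, data: bytes) -> bytes:
        out = bytearray()
        for off in range(0, len(data), 32):  # one 32-byte keystream block per counter
            ks = hmac.new(self.enc_key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
            out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
        return bytes(out)

    def encrypt(self, plaintext: bytes) -> bytes:
        nonce = secrets.token_bytes(16)
        ct = self._xor_stream(nonce, plaintext)
        tag = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def decrypt(self, blob: bytes) -> bytes:
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("tag mismatch: wrong key or tampered ciphertext")
        return self._xor_stream(nonce, ct)


class KeyStore:
    """Keys stay inside the service (the 'appliance'); callers see only key ids."""

    def __init__(self):
        self._keys, self.current = {}, 0

    def rotate(self) -> int:
        self.current += 1
        self._keys[self.current] = secrets.token_bytes(32)
        return self.current

    def engine(self, kid: int) -> HmacCtrEngine:
        return HmacCtrEngine(self._keys[kid])


class RulesEngine:
    """ACL keyed by (role, 'table.column') -> set of permitted operations."""

    def __init__(self):
        self._acl = {}

    def grant(self, role: str, column: str, *ops: str) -> None:
        self._acl.setdefault((role, column), set()).update(ops)

    def check(self, role: str, column: str, op: str) -> None:
        if op not in self._acl.get((role, column), set()):
            raise PermissionError(f"role {role!r} may not {op} {column}")


class CryptoService:
    """The middle-tier web service: ACL check, then encrypt/decrypt under
    the key id recorded in the stored value, so rotation can locate old keys."""

    def __init__(self, keys: KeyStore, rules: RulesEngine):
        self.keys, self.rules = keys, rules

    def encrypt(self, role: str, column: str, value: str) -> str:
        self.rules.check(role, column, "write")
        kid = self.keys.current
        return f"k{kid}:{base64.b64encode(self.keys.engine(kid).encrypt(value.encode())).decode()}"

    def decrypt(self, role: str, column: str, stored: str) -> str:
        self.rules.check(role, column, "read")
        kid, b64 = stored.split(":", 1)
        return self.keys.engine(int(kid[1:])).decrypt(base64.b64decode(b64)).decode()


def migrate_column(conn, service, role, table, column) -> int:
    """The batch step: encrypt every plaintext value of one column in place.
    Identifiers cannot be bound as SQL parameters, so validate them first."""
    if not (table.isidentifier() and column.isidentifier()):
        raise ValueError("bad identifier")
    rows = conn.execute(f"SELECT rowid, {column} FROM {table}").fetchall()
    for rowid, value in rows:
        conn.execute(f"UPDATE {table} SET {column} = ? WHERE rowid = ?",
                     (service.encrypt(role, f"{table}.{column}", value), rowid))
    conn.commit()
    return len(rows)


def demo() -> dict:
    """Constructed rows modelled on the paper's 'client' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE client (first_name TEXT, last_name TEXT, ss_n TEXT, address TEXT)")
    conn.executemany("INSERT INTO client VALUES (?, ?, ?, ?)", [
        ("John", "Smith", "555-55-1234", "123 Other Street"),
        ("Joe", "Bell", "555-55-1235", "321 Any Street")])
    keys, rules = KeyStore(), RulesEngine()
    keys.rotate()
    rules.grant("billing", "client.ss_n", "read", "write")
    rules.grant("dba", "client.ss_n")  # DBA administers the table but cannot read SSNs
    svc = CryptoService(keys, rules)
    migrated = migrate_column(conn, svc, "billing", "client", "ss_n")
    stored = conn.execute("SELECT ss_n FROM client WHERE first_name = 'John'").fetchone()[0]
    try:
        svc.decrypt("dba", "client.ss_n", stored)
        dba_blocked = False
    except PermissionError:
        dba_blocked = True
    return {"migrated": migrated, "at_rest": stored, "dba_blocked": dba_blocked,
            "billing_reads": svc.decrypt("billing", "client.ss_n", stored)}


if __name__ == "__main__":
    print(demo())
```

The key-id prefix is what makes the housekeeping chores tractable: a rotation job can select rows whose prefix is older than the current key and re-encrypt only those, and the DBA who copies the table gets only `k1:...` strings, because the keys and the ACL live in the service rather than in the database. SQLite uses dynamic typing, so no column widening is needed here; with Oracle or SQL Server the schema scripts the paper mentions would first widen `SS_N` to hold the base64 envelope.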
Cultural Changes Are As Important as the Technology
Of course, getting your IT staff, end users, and even other
developers to buy into this model requires a cultural shift.
But good security is just as much about good work habits as
about technology.
The Bluedog approach provides a single, secure web
location for setting up and managing cryptographic policies.
You determine which applications and which users (via
access control lists) see what data. You set the conditions
for enciphering, viewing, etc., in a Rules Engine
independent of any single application. Policy administration
is segregated from database administration. And all
cryptographic operations are performed on the appliances,
as well as key storage and management, easing security
efforts and preventing compromise of keys.
Advantages and Weaknesses of this Approach
The Bluedog approach to securing enterprise information is
a cost-effective and quick means of locking down critical
data. This approach is flexible and easily implemented
where there are back-end relational databases in use
(Oracle 8i, 9i or 10 for example), where there are one or
more applications accessing that data, and where users get
access through a web browser or other MVC-style interface.
• Robust encryption. Because the Bluedog approach
manages encryption at the field level in one or more
databases, regardless of the RDBMS or the applications
accessing the data, you can customize the security to
adequately protect specific kinds of data. The ability
to swap out encryption algorithms means you can
select the strength of the encryption applied to the data.
• Easy implementation. Since the encryption and
decryption processes are available as web services,
making use of them is as easy as adding a class or
two to an existing application. The rules engine for
policy management means you don’t need IT
personnel or developers to make fine-grain
adjustments once the process is in place.
• Scalable, reliable and flexible, based on mid-tier
implementations. The benefits of 3-tier are many,
including the ability to add more instances when the
user load requires, and the ability to serve various
platforms (Java, .NET, traditional client/server).
The system requires a relatively small operational
staff, and resources do not need to be increased in
direct proportion to the rate at which raw events are
generated by the network.
• Even backups are protected – should off-site backup
tapes or data in a hot site be compromised, it is still
rendered unreadable. Of course, older backups that
were made before the system is put in place will not
have the protection.
• Disadvantage: locking up sensitive data under one
scheme can make key management and other
housekeeping issues a breeze, but should those keys be
compromised, the attacker gets access to all data. Of
course, keeping track of dispersed data can be a
massive headache. Appropriate key management
offsets this disadvantage.
• Another disadvantage: The risks of either missing
data to be managed by the system, or worse,
missing data in a cryptographic update. In the
former, you unwittingly leave data exposed that
should be protected. In the latter, the keys to
encrypted data are lost, and the data cannot be
recovered.
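The two risks in the last bullet, data the scheme missed and data whose key was lost in a cryptographic update, are both detectable by a periodic audit of the protected column, provided each stored value records which key it was written under. The following is an added example rather than anything the paper describes: it assumes a stored-value format of `k<key_id>:<base64>`, a key inventory supplied by the key manager, and a constructed set of rows; the SSN pattern is only the shape of the paper's `SS_N` column.

```python
# Added example, not the whitepaper's code. Assumed: values are stored as
# 'k<key_id>:<base64>' and the key manager can list the key ids it still holds.
import re

ENVELOPE = re.compile(r"^k(\d+):[A-Za-z0-9+/]+=*$")
SSN_SHAPE = re.compile(r"^\d{3}-\d{2}-\d{4}$")   # shape of the paper's SS_N column


def audit_column(rows, available_keys, current_key):
    """Classify every (rowid, stored_value) of a protected column.

    protected  - encrypted under the current key
    stale      - encrypted under a retired key that is still held (re-encrypt)
    orphaned   - encrypted under a key the store no longer has (unrecoverable)
    plaintext  - looks like a raw SSN, i.e. the migration missed it
    unknown    - NULL or neither shape; needs a human look
    """
    report = {"protected": 0, "stale": [], "orphaned": [], "plaintext": [], "unknown": []}
    for rowid, value in rows:
        text = value or ""
        m = ENVELOPE.match(text)
        if m:
            kid = int(m.group(1))
            if kid not in available_keys:
                report["orphaned"].append(rowid)
            elif kid != current_key:
                report["stale"].append(rowid)
            else:
                report["protected"] += 1
        elif SSN_SHAPE.match(text):
            report["plaintext"].append(rowid)
        else:
            report["unknown"].append(rowid)
    return report


def audit_is_clean(report) -> bool:
    """True only when nothing is exposed and nothing is unrecoverable."""
    return not (report["plaintext"] or report["orphaned"] or report["unknown"])


# Constructed sample: rows 1-2 under current key 3, row 3 under retired key 2,
# row 4 under key 1 (no longer held), row 5 never migrated, row 6 NULL.
SAMPLE_ROWS = [
    (1, "k3:QUJDREVGR0g="),
    (2, "k3:SUpLTE1OT1A="),
    (3, "k2:UVJTVFVWV1g="),
    (4, "k1:WVphYmNkZWY="),
    (5, "555-55-1236"),
    (6, None),
]

if __name__ == "__main__":
    print(audit_column(SAMPLE_ROWS, available_keys={2, 3}, current_key=3))
```

Run it before a key is retired: an empty `orphaned` list for the key about to be dropped is the evidence that the cryptographic update reached every row, and a non-empty `plaintext` list is the row set the batch encryption still owes you.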
Conclusion
The Bluedog approach to securing data is to migrate
plaintext data to an encrypted format during the transaction
process (using a series of web services). As part of the set-
up process, columns in various databases that have been
identified as needing added security are mass-enciphered.
Key management is handled on the appliance servers
through a web interface, and many housekeeping routines
are automated with schedules the security personnel
determine.
One of the most important concepts to retain from this
paper is that your organization’s sensitive data sits in the
clear in one or more databases. Even if you use the RDBMS
vendor’s encryption, a savvy database administrator can get
access to anything. The approach put forth in this paper
addresses this problem simply and in a cost-effective
manner.
Integration and smooth web service operations means that
the Bluedog approach makes protecting data through strong
encryption transparent, at the level that applications
interface with that data. And that means peace of mind for
you, knowing that social security numbers, credit card
information, medical records or other valuable and private
data won’t end up on some criminal’s website or be used in
an identity theft event.
Glossary of Terms
Encryption: Processing and altering data so only the
intended recipient can read or use it. The recipient of the
encrypted data must have the proper decryption key and
program to decipher the data back to its original form.
RDBMS – Relational Data Base Management System. A
software system that facilitates (a) the creation and
maintenance of a database or databases, and (b) the
execution of computer programs using the database or
databases. Oracle, Microsoft SQL Server, and MySQL are
examples.
Server Appliance: A specialized server that is designed for
ease of installation and maintenance, usually with software
bundled into the product, so all applications are pre-
installed. The appliance is plugged into an existing network
and can begin working almost immediately, with little
configuration.
Three Tier: A model for the development of applications,
most commonly web applications, where the business logic
is separate from the presentation logic and data being
accessed. Tier 1: Static content in the form of the
presentation layer. Tier 2: Application logic, in the form of
the encryption services or the applications that will make
use of these services. Tier 3: Databases housing the data to
be protected. Also known as MVC, Model-View-Controller.
Public Key Infrastructure: PKI is a framework established
to issue, maintain, and revoke public key certificates
accommodating a variety of security technologies, including
the use of software. This set of technical processes by which
parties to an electronic transaction trade encrypted “keys”
(strings of data) so as to authenticate each other’s identity
and legitimacy so they may do business.