Bluedog whitepaper securing data


www.bluedog.net 1 of 15

Bluedog White Paper

Locking up Your Data, Tight
Bluedog’s Method for Securing Information in Legacy Databases

Security: No matter what vendor’s database you are using, the important data stays encrypted, away from prying eyes. Even if the database walks out the door with the DBA, there’s no way to get at the most critical information without authorization.

High-Performance: Using intermediate web services to provide the encryption/decryption, throughput is extremely high, and the services can often be wired into existing web applications with little effort.

Reliable: The appliance servers scale easily, and are rated at thousands of hours mean time between failures. Key management and other services are segregated by user roles.

Easy-to-Manage: With a web-based interface and role-based access control, it’s easy to manage who can decide what data to encipher, and who can view or update that information. Meets or exceeds policy and legislative compliance in the U.S. and E.U.


Purpose of This Paper

This paper provides you with an overview of the data security process Bluedog architects for most enterprise applications. It is not meant as an in-depth exploration of encryption (although some familiarity with data security concepts may help you); rather, it provides an overview of a way to handle confidential data that keeps that data as secure as possible while still being accessible. This paper is intended to explain how the architecture is put together, and why it is a reasonable way to mitigate the risk of confidential data being misappropriated.

Why Do You Need to Lock Up Data in the Database?

Just reading the headlines should give you impetus enough to want to lock up sensitive data inside the database in which it is stored. Even as organizations have gotten good at leveraging information technology to increase access to information, they’ve failed to keep up with the security of that information, sometimes with disastrous results. In today’s internet world, how well you secure your data is as important as, or more important than, how well your stakeholders can use it.

Many times the threat to data comes from within the organization: unwitting users exposing data on laptops that are lost or stolen. Worse, insiders such as database administrators could compromise sensitive data or even just steal it. Outside attack of course remains a huge concern. When your organization has a complex IT environment, you may not even be sure your data is protected, or know by what means it is secured.

Finally, privacy concerns have spawned legislation in the U.S. and the E.U. Mandates that cut across industry and geography are meant to quell the rising identity theft problems facing all of us. Insufficient protections could also open organizations up to breaches of trust, or run afoul of laws and regulations across borders. An organization cannot afford the public relations, legal and other risks. The approach Bluedog outlines in this paper can be used to mitigate all these risks.

While protecting sensitive data at all times is common sense, a number of laws and regulations mean you can be liable for not being a good steward:

• The Federal Information Security Management Act of 2002 (FISMA) mandates that senior agency officials assess the risk and magnitude of harm that could result from unauthorized access to data, determine the levels of information security needed to protect such information, and implement policies and procedures to reduce risk to acceptable levels.

• The Health Insurance Portability and Accountability Act (HIPAA) requires best practices for the protection of personal data, and covers electronic information in storage and in transmission.

• The European Union has issued several directives since 1995 concerning the collection, dissemination and storage of private data. Directive 95/46/EC, for example, forbids export of data to countries not providing adequate data protection. This directive also calls on each Member State to apply the national provisions it adopts pursuant to the Directive to the processing of personal data. This means your organization could be subject to multiple jurisdictions’ laws regarding the handling of private data.

The Bluedog approach enhances internal control of data access, and puts it into the hands of authorized security personnel, not developers, database administrators or general users. The Bluedog approach uses a centralized and hardened appliance that encrypts and decrypts on the fly, providing a means of addressing the regulatory framework in one easy step. Tamper resistance and physical/logical access control are all areas the Bluedog approach addresses.


How It Works

Bringing data security to the entire enterprise could be a daunting task. The approach outlined in this paper is simple enough to implement in a short time frame, and relies on three key elements:

• Identifying the data that needs to be secured, regardless of the databases it may live in.

• Protecting data from external and internal threats, while complying with appropriate legislative and policy mandates.

• Providing a central, easy-to-use interface for setting access rules, without the need for re-compiling code or engaging expensive consultants.

Granular encryption via a middle-tier web service, with a centralized security mandate, addresses most of the concerns your organization faces across the wide range of security gaps, from intrusion to misappropriation. This is done with transparent encryption: transparent to legitimate users, not to unauthorized ones.

Exhibit: Overview of Approach


High-Level Architecture

The Bluedog approach works seamlessly with leading database vendors (Oracle, Microsoft SQL Server, MySQL, Sybase) that support JDBC. The web services approach secures data at the column (field) level, in one or more databases. Typical uses are to encrypt credit card numbers, social security numbers, account or other financial data, even passwords.

A browser-based management console significantly streamlines administration, and access control is set in a rules engine. This means you don’t have to rely on your IT department or developers to re-code and re-compile when you want to change how the data is accessed.

Making use of the services is as simple as adding a few classes to existing applications. Pushing data through a portal greatly increases the reach, as well. This means fast implementation and little disruption to applications tied to the database(s) in question.

The Bluedog approach comprises three components:

• A dedicated, hardened and secure appliance server (or servers in an enterprise configuration), running a specialized Unix operating system.

• Web services that provide the encryption/decryption routines, and the rules engine for managing keys and access control lists.

• A web-browser based user console for platform-independent control of the system.

The exact cryptologic engine can be swapped out with ease, depending on the level of strong encryption desired. Bluedog recommends Blowfish, Tiger, DES3 or any Java-compatible libraries.

Exhibit: Plaintext to enciphered text, using a symmetric key

Once columns in various databases have been identified as requiring a high level of security, your developers add the needed classes to their applications, and an automated process is used to bulk encrypt the data. Anticipate a process of identifying the sensitive data, implementing the code to make use of the web services, and running the bulk processing over a period of a few weeks or months, depending on the agility of your organization.

The model presented here is meant to cover the following processes:

• Migrating data in one or more databases from plaintext to enciphered data, and making any schema changes needed to accommodate the new approach.

• Inserting Java or .NET classes to make use of the web services, as well as establishing discovery and authorization of those services.

• Real-time/on-demand encryption and decryption when data is requested from the database(s).

• Key management, rotation of keys and other housekeeping chores.

• Authentication of users/groups via the rules engine.

• Cultural and policy shifts to fully benefit from this model for handling sensitive or private data.

Exhibit: High-Level Architecture of The Bluedog Approach


Encryption Nuts-and-Bolts

The Bluedog approach is based on you defining what data you want encrypted. Identifying that information in the form of columns in databases helps narrow down just what has to be processed. This approach lets you tailor policies appropriate to specific data, no matter who is ‘consuming’ it. This is in stark contrast to the “bulk” encryption of entire disks or storage area network devices, which can cause performance bottlenecks and actually work against you by limiting access to legitimate data.

Exhibit: End-to-End PKI Process


Take the case where you store social security numbers in a database. In a table labeled “client”, with columns such as address, email, etc., the important field is the social_security column.

Exhibit: Sample Database Table

CLIENT
First_name  Last_name  SS_N         Address           Email
John        Smith      555-55-1234  123 Other Street  [email protected]
Joe         Bell       555-55-1235  321 Any Street    [email protected]
Jane        Doe        555-55-1236  213 Anyother St   [email protected]

After deciding that the SS_N column is the one to protect, no matter who accesses the database, the Bluedog approach is to run the batch encryption processing on the chosen column. Developers would have to add the necessary classes to call the web services, and an access control list would have to be set up in the rules engine to govern who has read-only, read/write, or other combinations of access to the specific data. Database scripts copy the tables, change the column types to accommodate the enciphered data, and post-process the columns after encryption.

Subsequent reads of the tables are processed by the rules engine. When sensitive data is to be displayed or entered, it is processed by the web services.
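The migration and read path just described, as an added example that is not from the whitepaper or from Bluedog: a constructed copy of the CLIENT sample table in SQLite is copied into a table with a wider SS_N column and bulk-enciphered, each stored token carries the id of the key it was made under (so a later key rotation can tell old rows from new), and decryption happens only after a constructed ACL standing in for the rules engine allows it. The cipher is a stdlib stand-in (HMAC-SHA256 keystream plus an integrity tag) for the swappable Blowfish/3DES engine; the key store, ACL entries and principal names are assumptions.

```python
import hashlib, hmac, os, secrets, sqlite3
# Stand-in for the appliance's swappable cipher engine (the paper plugs in Blowfish,
# 3DES, etc.): HMAC-SHA256 keystream in counter mode plus an HMAC tag, stdlib only.
KEYS = {"k1": secrets.token_bytes(32)}   # key store: held on the appliance, never in the DB

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def encrypt(key_id, plaintext):
    key, nonce, data = KEYS[key_id], os.urandom(16), plaintext.encode()
    body = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()[:16]
    return f"{key_id}:{(nonce + body + tag).hex()}"   # key id rides with the row for rotation

def decrypt(token):
    key_id, hexdata = token.split(":", 1)
    key, raw = KEYS[key_id], bytes.fromhex(hexdata)
    nonce, body, tag = raw[:16], raw[16:-16], raw[-16:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()[:16]):
        raise ValueError("SS_N ciphertext fails integrity check")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body)))).decode()

ACL = {"claims_app": {"ss_n": {"read"}}, "marketing_app": {"ss_n": set()}}   # constructed rules-engine ACL

def allowed(principal, column, action):
    return action in ACL.get(principal, {}).get(column, set())

def build_client_db():
    # Constructed copy of the paper's CLIENT sample table, in an in-memory SQLite db.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE client(first_name TEXT, last_name TEXT, ss_n CHAR(11), address TEXT, email TEXT)")
    db.executemany("INSERT INTO client VALUES (?,?,?,?,?)", [
        ("John", "Smith", "555-55-1234", "123 Other Street", "john@example.invalid"),
        ("Joe", "Bell", "555-55-1235", "321 Any Street", "joe@example.invalid"),
        ("Jane", "Doe", "555-55-1236", "213 Anyother St", "jane@example.invalid")])
    return db

def bulk_encrypt_ss_n(db, key_id="k1"):
    # Migration script: copy the table with a wider SS_N column, post-process every row.
    db.execute("CREATE TABLE client_enc(first_name TEXT, last_name TEXT, ss_n VARCHAR(160), address TEXT, email TEXT)")
    for fn, ln, ssn, addr, mail in db.execute("SELECT * FROM client").fetchall():
        db.execute("INSERT INTO client_enc VALUES (?,?,?,?,?)", (fn, ln, encrypt(key_id, ssn), addr, mail))
    db.execute("DROP TABLE client")
    db.execute("ALTER TABLE client_enc RENAME TO client")
    db.commit()

def stored_ss_n(db, last_name):   # what a DBA sees in the table itself: only the token
    return db.execute("SELECT ss_n FROM client WHERE last_name=?", (last_name,)).fetchone()[0]
def read_ss_n(db, principal, last_name):   # web-service read path: rules engine decides first
    if not allowed(principal, "ss_n", "read"):
        raise PermissionError(f"{principal} may not read ss_n")
    return decrypt(stored_ss_n(db, last_name))
```

A DBA querying the table sees only the `k1:` tokens; the plaintext exists only on the service side, and a token altered in the database fails the integrity check rather than decrypting to garbage.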


Cultural Changes Are As Important as the Technology

Of course, getting your IT staff, end users, and even other developers to buy into this model requires a cultural shift. But good security is just as much about good work habits as about technology.

The Bluedog approach provides a single, secure web location for setting up and managing cryptographic policies. You determine which applications and which users (via access control lists) see what data. You set the conditions for enciphering, viewing, etc., in a rules engine independent of any single application. Policy administration is segregated from database administration. And all cryptographic operations are performed on the appliances, as is key storage and management, easing security efforts and preventing compromise of keys.


Advantages and Weaknesses of this Approach

The Bluedog approach to securing enterprise information is a cost-effective and quick means of locking down critical data. This approach is flexible and easily implemented where there are back-end relational databases in use (Oracle 8i, 9i or 10, for example), where there are one or more applications accessing that data, and where users get access through a web browser or other MVC-style interface.

• Robust encryption. Because the Bluedog approach manages encryption at the field level in one or more databases, regardless of the RDBMS or the applications accessing the data, you can customize the security to adequately protect specific kinds of data. The ability to swap out encryption algorithms means you can select the level of complexity of scrambling data.

• Easy implementation. Since the encryption and decryption processes are available as web services, making use of them is as easy as adding a class or two to an existing application. The rules engine for policy management means you don’t need IT personnel or developers to make fine-grained adjustments once the process is in place.

• Scalable, reliable and flexible, based on mid-tier implementations. The benefits of 3-tier are many, including the ability to add more instances when the user load requires, and the ability to serve various platforms (Java, .NET, traditional client/server). The system requires a relatively small operational staff, and resources do not need to grow in direct proportion to the rate at which raw events are generated by the network.

• Even backups are protected: should off-site backup tapes or data in a hot site be compromised, the data is still rendered unreadable. Of course, older backups that were made before the system was put in place will not have the protection.

• Disadvantage: locking up sensitive data under one scheme can make key management and other housekeeping issues a breeze, but should those keys be compromised, the attacker gets access to all data. Of course, keeping track of dispersed data can be a massive headache. Appropriate key management offsets this disadvantage.

• Another disadvantage: the risk of either missing data that should be managed by the system, or worse, missing data in a cryptographic update. In the former, you unwittingly leave data exposed that should be protected. In the latter, the keys to encrypted data are lost, and the data cannot be recovered.


Conclusion

The Bluedog approach to securing data is to migrate plaintext data to an encrypted format during the transaction process (using a series of web services). As part of the set-up process, columns in various databases that have been identified as needing added security are mass-enciphered. Key management is handled on the appliance servers through a web interface, and many housekeeping routines are automated with schedules the security personnel determine.

One of the most important concepts to retain from this paper is that your organization’s sensitive data sits in the clear in one or more databases. Even if you use the RDBMS vendor’s encryption, a savvy database administrator can get access to anything. The approach put forth in this paper addresses this problem simply and in a cost-effective manner.

Integration and smooth web service operations mean that the Bluedog approach makes protecting data through strong encryption transparent, at the level at which applications interface with that data. And that means peace of mind for you, knowing that social security numbers, credit card information, medical records or other valuable and private data won’t end up on some criminal’s website or be used in an identity theft event.


Glossary of Terms

Encryption: Processing and altering data so only the intended recipient can read or use it. The recipient of the encrypted data must have the proper decryption key and program to decipher the data back to its original form.

RDBMS: Relational Database Management System. A software system that facilitates (a) the creation and maintenance of a database or databases, and (b) the execution of computer programs using the database or databases. Oracle, Microsoft SQL Server, and MySQL are examples.

Server Appliance: A specialized server that is designed for ease of installation and maintenance, usually with software bundled into the product, so all applications are pre-installed. The appliance is plugged into an existing network and can begin working almost immediately, with little configuration.

Three Tier: A model for the development of applications, most commonly web applications, where the business logic is separate from the presentation logic and the data being accessed. Tier 1: static content in the form of the presentation layer. Tier 2: application logic, in the form of the encryption services or the applications that will make use of these services. Tier 3: databases housing the data to be protected. Also known as MVC, Model-View-Controller.

Public Key Infrastructure: PKI is a framework established to issue, maintain, and revoke public key certificates, accommodating a variety of security technologies, including the use of software. It is the set of technical processes by which parties to an electronic transaction trade encrypted “keys” (strings of data) so as to authenticate each other’s identity and legitimacy so they may do business.