
ASE130 Privacy Please A Case Study Of The Encryption Of Data-At-Rest

Dave Ebbels, Senior Systems Consultant, Sybase, Inc. debbels@sybase.com / 973-537-5721. August 7, 2003.


Presentation Transcript


  1. ASE130 Privacy Please: A Case Study Of The Encryption Of Data-At-Rest. Dave Ebbels, Senior Systems Consultant, Sybase, Inc. debbels@sybase.com / 973-537-5721. August 7, 2003

  2. THRS Background The business of Total HR Solutions. • Administer Medical/Dental, Pension, and Retirement Savings plans of clients; • Supply client call centers and customer support; • Provide the IT infrastructure.

  3. Environment Total HR Solutions Front-End Client options: • Web-based interface; • Interactive Voice Response (IVR) system; • Customer Service Representatives at the client’s call center. Back-End • Production data is stored in Sybase ASE12.5; • Each client is given their own ASE database(s); • Common structure applied to each client database; • All data is replicated, via Sybase Replication Server, to a remote location for DR, HA, and DSS.

  4. Situation Total HR Solutions Overview In order to win the business of a major credit card company, Total HR Solutions was required to provide data-protection for the credit card company’s employee data by encrypting it within the database.

  5. Criteria For Success Total HR Solutions Requirements: • Provide a completely secure, encrypted environment; • Prevent unauthorized access to employee data; • Ensure complete confidentiality and protection from identity theft; • Maintain an acceptable level of response time.

  6. Solution Total HR Solutions Adaptive Server Enterprise + Secure.Data Server

  7. Secure.Data, What Is It? Secure.Data Server: • Secure.Data Server performs all processing pertaining to the encryption of data; • A middleware component, built on Sybase’s OpenServer* platform; • Removes the connection between the users and the physical data; • Utilizes ASE’s Component Integration Services (CIS) to create user-facing proxy tables; • Implemented as a Sybase Specialty Data Store (SDS). * SMP-enabled version of OpenServer recommended.

  8. About CIS and SDS Component Integration Services and Specialty Data Stores • Distributed data access across heterogeneous data sources. • Global catalog comprising metadata from each data source. • Manages data that reside outside a traditional database. • Centralized management and integration of distributed content. CIS support for External File Systems

  9. How Secure.Data Server Works… ASE and Secure.Data Server [Diagram. Labelled components: Client Application; ASE Engine; Proxy Table TabA; Optimizer; CIS; Ct-lib; Cs-lib; Secure Server; Logon; Check access; Logon OK; Access OK; If access OK; Decrypting/Encrypting; TabA pty; PTY SDS. Query text shown in the diagram, in order: Select * from TabA Where name = 'Jim'; Select * from TabA pty Where name = 'Jim'; Select * from TabA pty Where name = '0xA432D18542E25901']

  10. Performance Considerations ASE and Secure.Data Server • Only the items that require explicit protection should be encrypted. • Encrypting primary keys can have a significant impact on performance. • Primary keys should be non-intelligent and non-identifying (no encryption required). • If primary key must be encrypted, avoid using as filter. Encryption and decryption operations require careful design!

  11. Performance Considerations (cont.) ASE and Secure.Data Server Effects of Indexing • Dependency on encrypted indexes can slow processing. • Searches may be seriously degraded by overhead of decrypting. One Alternative: • Create an alternate unique identifier. • Can be stored as unencrypted text. • Required index stored as a separate, encrypted column.

  12. ASE Tuning Recommendations ASE and Secure.Data Server CIS Tuning: • cis rpc handling: must be turned on (i.e. – set to ‘1’); • cis cursor rows: start with 500, then increment; • cis bulk insert array/batch size: start with 500, then increment.

  13. ASE Tuning Recommendations (cont.) ASE and Secure.Data Server Server Engines: • max online engines: based on server capacity. Now dynamic! • runnable process search count: the value of ‘0’. Other: • max network packet size • i/o polling process count

  14. THRS Success! Total HR Solutions: • Secured a lucrative contract with the credit card company; • Provided a completely secure environment; • Enhanced their solution offering for the future!

  15. Questions?

  16. SDN Presents CodeXchange Share ASE Scripts and Tools • New SDN feature enables community collaboration • Download tools created by Sybase • Leverage contributions of others to help administer and monitor your servers • Contribute your own code or start your own collaborative project with input from other ASE experts • Any SDN member can participate • Log in using your MySybase account via SDN • Join the collaboration already underway • http://ase.codexchange.sybase.com or via SDN at www.sybase.com/developer
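
Added example, not part of the original presentation: a sketch of the design advice on slides 10 and 11, using the query rewrite pictured on slide 9, where the filter literal 'Jim' reaches the data store as ciphertext. Assumptions: SQLite stands in for ASE, the HMAC-based deterministic cipher is a constructed stand-in (the slides do not name Secure.Data's algorithm), and `emp_id`, `name_enc` and `ix_name` are hypothetical names.

```python
import hashlib
import hmac
import sqlite3

K_IV, K_STREAM = b"demo-iv-key", b"demo-stream-key"  # constructed demo keys

def _stream(iv, n):
    """HMAC-SHA256 in counter mode as a keystream (stand-in, not the product's cipher)."""
    blocks = (hmac.new(K_STREAM, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def enc(text):
    """Deterministic: the IV is derived from the plaintext, so equal values match."""
    pt = text.encode()
    iv = hmac.new(K_IV, pt, hashlib.sha256).digest()[:16]
    return iv + bytes(a ^ b for a, b in zip(pt, _stream(iv, len(pt))))

def dec(blob):
    iv, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _stream(iv, len(body)))).decode()

def build(rows):
    db = sqlite3.connect(":memory:")
    # emp_id: non-identifying surrogate key kept in clear text for joins and lookups.
    db.execute("CREATE TABLE TabA (emp_id INTEGER PRIMARY KEY, name_enc BLOB)")
    db.execute("CREATE INDEX ix_name ON TabA (name_enc)")
    db.executemany("INSERT INTO TabA VALUES (?, ?)", [(i, enc(n)) for i, n in rows])
    return db

def find_equal(db, name):
    """Equality filter: encrypt the literal once; the index matches ciphertext."""
    sql, arg = "SELECT emp_id FROM TabA WHERE name_enc = ?", (enc(name),)
    plan = " ".join(r[3] for r in db.execute("EXPLAIN QUERY PLAN " + sql, arg))
    return [r[0] for r in db.execute(sql, arg)], plan

def find_prefix(db, prefix):
    """Prefix filter: ciphertext order is meaningless, so every row is decrypted."""
    hits, decrypted = [], 0
    for emp_id, blob in db.execute("SELECT emp_id, name_enc FROM TabA ORDER BY emp_id"):
        decrypted += 1
        if dec(blob).startswith(prefix):
            hits.append(emp_id)
    return hits, decrypted

SAMPLE = [(1, "Jim"), (2, "Joan"), (3, "Ann")]  # constructed rows

if __name__ == "__main__":
    db = build(SAMPLE)
    print(find_equal(db, "Jim"), find_prefix(db, "J"))
```

The equality lookup costs one encryption and an index search, while the prefix search decrypts all three rows; on a production-sized table that per-row decryption is the overhead slide 11 warns about.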
