Extensible Key Management (EKM) – SQL Server 2008


Extensible Key Management (EKM) enables you to manage your encryption keys via an external provider. Extensible Key Management enables third-party vendors to implement solutions that store keys in a device such as a smart card, USB device, or a hardware security module (HSM). Encryption is the process of obfuscating data by the use of a key or password. This can make the data useless without the corresponding decryption key or password.

Introduction to Extensible Key Management

Some high-security databases use thousands of keys, and you must employ a system to store, retire, and regenerate these keys. Furthermore, you should store these keys separately from the data to improve security.

SQL Server 2008 provides Extensible Key Management, which exposes encryption functionality for use by third-party vendors. These solutions work seamlessly with databases in SQL Server 2005 and SQL Server 2008, and provide enterprise-wide, dedicated key management. This moves the key-management workload from SQL Server to a dedicated key-management system. Extensible Key Management enables key storage in a device such as a smart card or USB drive.

Extensible Key Management in SQL Server 2008 also supports the use of HSMs to provide the physical separation of keys from data. This improves security: because the keys are in a separate physical location, the data remains protected even if it is stolen.


Enabling Extensible Key Management

Extensible Key Management is switched off by default. You can use the sp_configure stored procedure to enable it.

The following code example shows how to enable Extensible Key Management.

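-- Expose advanced options so that 'EKM provider enabled' can be changed
sp_configure 'show advanced options', 1
GO
RECONFIGURE
GO
-- Turn on Extensible Key Management for the instance
sp_configure 'EKM provider enabled', 1
GO
RECONFIGURE
GO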
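
Once the option is on, a provider still has to be registered and a key created on the device before anything is protected. The following is an added example, not code from the original post: the provider name, DLL path, credential identity and secret, login, and key names are all placeholders, and the algorithm must be one your vendor's provider supports.

```sql
-- Added example. Every name, path and secret below is a placeholder.

-- 1. Confirm the instance-level switch took effect (value_in_use = 1).
SELECT name, value_in_use
FROM sys.configurations
WHERE name = 'EKM provider enabled';

-- 2. Register the vendor's EKM library with SQL Server.
CREATE CRYPTOGRAPHIC PROVIDER Example_EKM_Provider
FROM FILE = 'C:\EKM\example_vendor_ekm.dll';   -- placeholder path

-- 3. Check that the provider is registered and enabled.
SELECT provider_id, name, is_enabled, dll_path
FROM sys.cryptographic_providers;

-- 4. Store the account SQL Server uses to authenticate to the device.
--    This is the additional authorization check: a login can only use
--    EKM keys if a credential for the provider is mapped to it.
CREATE CREDENTIAL Example_EKM_Credential
WITH IDENTITY = 'hsm_user_placeholder',
     SECRET   = '<hsm-password-placeholder>'
FOR CRYPTOGRAPHIC PROVIDER Example_EKM_Provider;

ALTER LOGIN [EXAMPLE\key_user]                 -- placeholder login
ADD CREDENTIAL Example_EKM_Credential;

-- 5. Connected as that login, create a key in the current database.
--    The key material is generated and kept on the device; SQL Server
--    stores only a reference to it.
CREATE SYMMETRIC KEY Example_EKM_SymKey
FROM PROVIDER Example_EKM_Provider
WITH PROVIDER_KEY_NAME    = 'example_key_on_hsm',
     CREATION_DISPOSITION = CREATE_NEW,        -- OPEN_EXISTING to map an existing device key
     ALGORITHM            = AES_256;           -- must be supported by the provider

-- 6. Verify the key is bound to the provider rather than held locally.
SELECT name, algorithm_desc, provider_type, cryptographic_provider_guid
FROM sys.symmetric_keys
WHERE name = 'Example_EKM_SymKey';
```

Auditing sys.cryptographic_providers and the credential-to-login mappings periodically shows which libraries are loaded into the server process and which logins can reach the device.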

The following picture clearly indicates which security methods work at which level in SQL Server 2008.


Figure: SQL Server encryption key hierarchy with TDE and EKM

To summarize, SQL Server 2008 Extensible Key Management provides the following benefits:

  • An additional authorization check that enables separation of duties between database administration and key management
  • Improved performance through hardware-based encryption/decryption rather than software-based encryption/decryption
  • External encryption key generation
  • Physical separation of data and keys
  • Encryption key retrieval
  • External encryption key retention and encryption key rotation
  • Easier encryption key recovery
  • Manageable encryption key distribution
  • Secure encryption key disposal

For More Information

http://msdn.microsoft.com/en-us/library/bb895340.aspx

Database Encryption in SQL Server 2008, Technical Document 
