17.07.2015 Views

Download eBook (PDF) - Red Gate Software


Introduction

encrypted data cannot be decrypted and therefore is lost. However, the fear of the "lost key" is not a valid reason to avoid encryption altogether.

When I was a student, a recurring nightmare of mine was the forgotten locker combination. The scenario would be that I was rushing through the halls on my way to a very important examination; but, first there was "something" I needed out of my locker. As I began to spin the dial on the lock of my locker I soon realized that its combination had slipped my memory. In desperation I began trying random numbers in the hope that I would guess the code. A stream of students making their way into their classrooms buffeted me to and fro, elevating my anxiety. The hallway gradually cleared and the din of chatting reduced to the clapping echo of the final student's footsteps. Thankfully, this never happened in real life.

This is the fear of not being able to access something of value when it is needed. It is the fear of the fragile nature of our memories, and of the inability to recall the "special code" in a time of need. It explains why passwords are found scribbled on a Post-it® note and stuck to the monitor screen. It is a key reason that more advanced protection methods for sensitive data, such as encryption, are avoided.

If encryption is implemented without careful planning and without a maintenance strategy, it can become a hairy mess; but isn't this also true of any aspect of data and database administration? Without regular backups and careful attention to data integrity, a database is at a high risk of data loss, regardless of whether or not you use encryption.

Encryption requires careful consideration of what should be protected and the extent of its application. Granting permissions to the keys, and performing any necessary schema modifications to accommodate the encrypted values, are also a part of the implementation process. Once encryption is implemented, it requires periodic maintenance: retiring aging encryption keys and replacing them with fresh ones. This practice ensures the continued effectiveness of the keys.

A fundamental aspect of the whole process is backing up the encryption keys and storing them in a safe location. If these practices are followed, the DBA's answer to the question "What happens if the key is lost?" should be exactly the same as the answer they'd give if asked the question "What happens if data is corrupted or lost due to a disk failure?": I will restore it from backup. Failure to do so in either case may result in a new DBA job posting.

I'm hoping, with this book, to address some of the concerns and confusion surrounding encryption and other data protection methods. I hope to hear the question "What happens if I do not encrypt my sensitive data?" occur more often in my conversations regarding data security. I hope to see the fear of the
