Tag Archives: Application Level Encryption

Windows 2008 Server End of Life: The best chance to move to the cloud

30 June 2018

Windows 2008 Server End of Life is near. Within the next months many companies are busy with the replacement of Windows 2008 based infrastructure and application servers to avoid the next Wannacry or NotPetya.

It appears to me that this is the best opportunity to migrate at least application servers to the cloud. And, in the best case, to get rid of the servers at all by transforming the application to SAAS. If technical or the organizational limitations do not allow this at least the transformation to PAAS and IAAS should be considered.

What stops us from doing this? Very often it is the fear of loss of access to critical business data or the fear of loss of the data at all. At least in the latter case technical protection measures can be applied to mitigate this issue.

Transparent database encryption

Transparent database encryption (TDE) is often the matter of choice. All encryption is performed transparently by the database service, with no impact on the application and the users because only the database files or critical attributes in tables are encrypted. User interaction is required only during database startup to activate the encryption engine.

Unfortunately, TDE provides only encryption at rest. Thus TDE stops infrastructure admins from using unauthorized copies of a database or a virtual database server because they cannot activate the encryption engine. Once the database is started all users and database administrators have access.

Application level encryption

With Application level encryption (ALE) all encryption is performed by the application. Data is encrypted when entered in or retrieved through the application. Thus data is encrypted during transfer and at rest.

As long as the access is not routed through the application server the data are accessible for no one. Even infrastructure or database admins are barred unless they have access to the encryption key.

The security problem is shifted towards that of operational security of the application server. A solution to this problem could be to encrypt the data in the database with a key that is encrypted against the users access keys. This ensures that the encrypted data cannot be decrypted without access to at least one users key.

The remaining risk is that an attacker reads the keys or the plain text data from the process memory of the application service.

The effort to implement application level encryption is high because the application has to be changed. In addition, a key infrastructure must be set up to avoid data loss in the case a user key is e.g. inaccessible. But the gain in information and operational security is high.

The pros and cons of the encryption concepts in summary.

Table 1: Database Encryption Concepts Summary

Table 1: Database Encryption Concepts Summary

With Application Level Encryption, outsourcing or cloud adoption is made easy.

Have a good weekend.

Advertisements

Premera hacked – 11 million financial and medical records stolen

19 March 2014

When news about the Premera hack showed up in my mailbox this afternoon I was really amazed. The second time for this year a health insurance company was hit.

On skim reading the news about the Premera attack I wondered, when the magic word encryption would appear the first time. Finally I found this statement in Warwick Ashford’s post ‘Premera hack exposes 11 million financial and medical records’. Richard Blech, chief executive of security firm Secure Channels, said:

“With advanced and unhackable encryption, the hacker is left with a bunch of useless bits and bytes.”

Richard Blech talks about encryption at the application level. Application level encryption is not as useless as database level transparent encryption in the defense against attackers.

But even application level encryption is almost useless in the case of malicious insiders because, apart from the fact that they use stolen login data, they sign in to the company just like a normal employee. Therefore they are able to access even data which are encrypted on the application level, because they are authorized to do this.

In my opinion, to use advanced encryption as the core process of a protection strategy is as irresponsible as to use no encryption at all. Strict Identity and Access Management, combined with Two Factor Authorization for all employees, and regular security trainings create the first and second line of defense. Encryption is the last line of defense.

Take care!