nShield Database Security Option Pack
The nShield Database Security Option Pack allows nCipher hardware security modules (HSMs) to seamlessly integrate with Microsoft SQL Server. Encrypting the data in your database protects the data, but the encryption keys that unlock the data must also be protected. The use of HSMs safeguards encryption keys by storing them separately from the data on a secure, trusted platform.
Stores database encryption keys in a secure, tamper-resistant environment to prevent copying or tampering. Supports both Transparent Data Encryption (TDE) and cell level encryption
Stronger control for accessing encrypted data in Microsoft SQL Server
Smart card authentication of administrators firmly controls access to database encryption keys
- Microsoft SQL Server 2019
- Microsoft SQL Server 2017
These are supported on the following platforms:
- Windows Server 2019 R2 Standard (64-bit configuration)
- Windows Server 2016 (64-bit configuration)
The Database Security Option Pack for SQL Server is fully compatible with V12.40.2 or higher of the Security World Software and the following range of nCipher nShield HSMs:
- nShield Solo 500+, 6000+ and Solo XC Base/Mid/High
- nShield Connect 500+, 1500+, 6000+ and Connect XC Base/Mid/High.
From a security perspective, the Microsoft SQL Server supports the use of cryptographic keys to protect its databases. These encryption keys can be used to perform two levels of encryption.
- Transparent Data Encryption (TDE) is used to encrypt an entire database in a way that does not require changes to existing queries and applications. A database encrypted with TDE is automatically decrypted when SQL Server loads it into memory from disk storage, which means that a client can query the database within the server environment without having to perform any decryption operations. The database is encrypted again when saved to disk storage. When using TDE, data is not protected by encryption while in memory. Only one encryption key at a time per database can be used for TDE.
- To use Cell-Level Encryption (CLE), you must specify the data to be encrypted and the key(s) with which to encrypt it. CLE uses one or more keys to encrypt individual cells or columns. It gives the ability to apply fine-grained access policies to the most sensitive data in a database. Only the specified data is encrypted: other data remains unencrypted. This mode of encryption can minimize data exposure within the database server and client applications. You can apply CLE to database tables that are also encrypted using TDE. Note that when using CLE, data is only decrypted in memory when required for use. Separate data can be encrypted using different encryption keys within the same data table.
- Stand-alone service
- Database failover clusters using either nShield Solo or nShield Connect
Data sheet: Database Security Option Pack
Provides seamless integration of Microsoft SQL Server databases with high-assurance nShield hardware security modules.Download
Data Sheet: nShield Connect HSMs
nShield Connect HSMs are certified, networked appliances that deliver cryptographic key services to applications distributed across servers and virtual machines.Download
Data Sheet: nShield Solo HSMs
nShield Solo HSMs are certified PCI-e card-based solutions that deliver cryptographic key services to applications hosted on individual servers and appliances.Download
Integration Guide: nShield HSMs in conjunction with Microsoft SQL Server
Comprehensive Integration Guide which provides an overview of how Microsoft SQL Server, nCipher Database Security Option Pack, nShield Security World software, and nShield HSMs can work together in order to enhance security. Includes installation instructions, configuration options, examples and advice on how the product may be used, troubleshooting adviceDownload
As a global payment solutions and commerce enablement leader, Verifone’s strategy is to develop and deploy “best in class” payment solutions and services that meet or exceed global security standards and help our clients securely accept electronic payments across all channels of commerce. We selected nCipher HSMs to provide robust security, unmatched performance and superior scalability across our payment security platforms, protecting encryption keys from virtually any attack. This helps Verifone to continue reducing merchants’ growing exposure to data breaches and cyber criminals and more aggressively safeguard consumer information…Joe Majka,Chief Security Officer