Encrypting Every SQL Server Database in an Easy and Cost-Effective Way.

Easy and Cost Effective way to Encrypt Every SQL Server Database

Problem 

Becton, Dobson, and Co (BD) noted the significance of safeguarding medical data on diagnostic equipment that deals with the patient, molecular, cancer, and women’s health data. BD realized that even though a device was stolen from a secure hospital or clinic, their clients needed their data to be safe and secure. Learn about BD’s experience with DBDefence when securing data at rest on their medical devices. 

Solution

​Becton, Dickinson, and Firm (BD) is a US-based global medical technology company that manufactures and sells medical equipment, instrumentation systems, and reagents. Data security is a high focus at BD, as it is a customer expectation and mandated by several laws. 

According to an interview with David Porter, Senior Software Engineer at BD, whose team is safeguarding integrated diagnostic systems, the need to secure sensitive patient data across several devices while keeping device costs within budget was explained. BD chose SQL Server Express Edition to stay within budget to fulfill data collecting needs on their medical devices because they are a Microsoft firm and rely extensively on Microsoft SQL Server for data management. The team didn’t have to learn anything because SQL Server Express Edition supports the same database design and has code compatibility with the Standard and Enterprise editions.

Challenges with SQL Server Express

As you may be aware, even in a secure hospital, SQL Server Express does not provide encryption technologies to effectively secure data at rest, leaving sensitive patient data and proprietary BD data exposed to a data breach if stolen.

It presented a significant barrier for David and his team to overcome. The cost per device will skyrocket if you upgrade to SQL Server 2019 Standard or Enterprise Edition, which features Transparent Data Encryption (TDE). To encrypt sensitive data in SQL Server Express databases (data files and log files) on their medical equipment, BD resorted to DBDefence.

​​

Database Encryption Solution by DBDefense

Since 2011, DBDefence has offered a low-cost 128-bit or 256-bit AES transparent data encryption solution for SQL Server in all versions and editions. The installation, database encryption, and decryption processes in DBDefence are quick and straightforward, with minimal performance impact on production systems. To use DBDefence’s data protection, no application changes are required. 

Three encryption options are available in their solution:

1. Encrypt and protect database files, including obscuring the schema and code.
2. Encryption in conjunction with data masking.
3. Encryption alone.

With a seamless encryption procedure, you can avoid costly and time-consuming changes. Furthermore, daily management is simple, even when troubleshooting databases in multiple places. 

To safeguard your data, help your organization, and satisfy regulatory compliance, DBDefence offers the following features: 

• An enterprise-wide AES 256 encryption solution for all SQL Server versions (2008 R2 to 2019) and editions (Express, LocalDB, Web, Standard, and Enterprise) is available with no application changes. 
• On October 15, 2020, the National Institute of Standards and Technology granted DBDefence’s solution validation for their database encryption technique (NIST). Examine the verification. 
• Encryption with advanced features 

1. a hundred percent Blackbox Mode is a special mode that allows you to see 
2. Schema is hidden. 
3. Administrators of Lockouts 
4. Login Permissions Granular Permissions Granular Permissions Granular Permissions Granular Per 
5. Permissions that go beyond SQL Server’s capabilities should be restricted. 
6. Database backups can be done offline. 

• Integration 

1. Third-party application providers’ databases should be encrypted. 
2. Configure using commercial-off-the-shelf (COTS) software. 
3. Licenses for redistribution 

• Data Masking (Advanced) 

1. Combine with transparent database encryption whenever possible. 
2. Data masking in real-time 
3. Data masking based on roles

From BD’s DBDefense Pilot to Site Licensing

Over four years ago, BD piloted a single medical device platform with DBDefence. David encountered several internal problems while marketing DBDefense to various Development Teams across BD. The Development Teams were hesitant to install additional software to their medical devices to enable TDE. They looked for excuses to avoid using a database encryption solution. The benefits of data security and its simplicity drew the developers to DBDefense. David recalls, “The first team triggered DBDefense, and it worked flawlessly. Developers looked for reasons not to utilize it, but none were substantial. DBDefense works effectively and isn’t too difficult, according to the Development Teams.” Over the years, David’s business unit at BD, which comprises more than 20 Development Teams, has grown to site licensing protecting over ten device platforms totaling more than 5,000 devices in the field.

Supreme Support from DBDefense

In addition to the SQL Server database encryption features, David praises DBDefence’s “Supreme Support” for BD. He stated that the DBDefense team has “always come through for us,” which is a significant accomplishment for BD. The DBDefense crew responds quickly. BD can’t afford to wait four or five days for help. There is no need to stay with DBDefense. It is one of the most critical aspects of BD’s decision to use DBDefense. If you rely on database encryption to protect your data, the DBDefence team will provide the support you need for your application, organization, and career.

David sums up the experience, saying, “We sold DBDefense to the developers since the support, ease of implementation, and maintenance are outstanding, and we won’t be abandoning it. It is extremely cost-efficient and effective. That is something I wish we could say about everything. Acceptance exists. DBDefense is definitely worth the investment.” 

Summary

According to David, DBDefence adoption and reliance at BD is “ubiquitous” because “it’s all about keeping the data safe.” “DBDefense covers all of our demands,” David and his team discovered, “saving our organization a ton of money and providing outstanding assistance.” “Smart developers and DBAs will realize the value in DBDefence and purchase a site license to secure data across the board,” he continues. 

DBDefence can help you protect your data, clients, and company if you’re looking for a database encryption solution.

About Enteros

Enteros offers a patented database performance management SaaS platform. It proactively identifies root causes of complex business-impacting database scalability and performance issues across a growing number of RDBMS, NoSQL, and machine learning database platforms.