nShield Database Security Option Pack
The nShield Database Security Option Pack allows nCipher hardware security modules (HSMs) to seamlessly integrate with Microsoft SQL Server. Encrypting the data in your database protects the data, but the encryption keys that unlock the data must also be protected. The use of HSMs safeguards encryption keys by storing them separately from the data on a secure, trusted platform.
Stores database encryption keys in a secure, tamper-resistant environment to prevent copying or tampering. Supports both Transparent Data Encryption (TDE) and cell level encryption
Stronger control for accessing encrypted data in Microsoft SQL Server
Smart card authentication of administrators firmly controls access to database encryption keys
- Microsoft SQL Server 2019
- Microsoft SQL Server 2017
- Microsoft SQL Server 2016 (with Service Pack 1)
These are supported on the following platforms:
- Windows Server 2012 R2 Standard (64-bit configuration)
- Windows Server 2016 (64-bit configuration)
The Database Security Option Pack for SQL Server is fully compatible with V12.30 or higher of the Security World Software and the following range of nCipher nShield HSMs:
- nShield Solo 500+, 6000+ and Solo XC Base/Mid/High
- nShield Connect 500+, 1500+, 6000+ and Connect XC Base/Mid/High.
From a security perspective, the Microsoft SQL Server supports the use of cryptographic keys to protect its databases. These encryption keys can be used to perform two levels of encryption.
- Transparent Data Encryption (TDE) is used to encrypt an entire database in a way that does not require changes to existing queries and applications. A database encrypted with TDE is automatically decrypted when SQL Server loads it into memory from disk storage, which means that a client can query the database within the server environment without having to perform any decryption operations. The database is encrypted again when saved to disk storage. When using TDE, data is not protected by encryption while in memory. Only one encryption key at a time per database can be used for TDE.
- To use Cell-Level Encryption (CLE), you must specify the data to be encrypted and the key(s) with which to encrypt it. CLE uses one or more keys to encrypt individual cells or columns. It gives the ability to apply fine-grained access policies to the most sensitive data in a database. Only the specified data is encrypted: other data remains unencrypted. This mode of encryption can minimize data exposure within the database server and client applications. You can apply CLE to database tables that are also encrypted using TDE. Note that when using CLE, data is only decrypted in memory when required for use. Separate data can be encrypted using different encryption keys within the same data table.
- Stand-alone service
- Database failover clusters using either nShield Solo or nShield Connect
Data Sheet: nShield Connect HSMs
nShield Connect HSMs are certified, networked appliances that deliver cryptographic key services to applications distributed across servers and virtual machines.Download
Data Sheet: nShield Solo HSMs
nShield Solo HSMs are certified PCI-e card-based solutions that deliver cryptographic key services to applications hosted on individual servers and appliances.Download
Integration Guide: nShield HSMs in conjunction with Microsoft SQL Server
Comprehensive Integration Guide which provides an overview of how Microsoft SQL Server, nCipher Database Security Option Pack, nShield Security World software, and nShield HSMs can work together in order to enhance security. Includes installation instructions, configuration options, examples and advice on how the product may be used, troubleshooting adviceDownload
nCipher Security’s nShield sales team provide excellent local and remote support during this evaluation period and was invaluable to the process. The excellent depth, breadth and quality of the product documentation gave us confidence that the solution was well thought-out and supportedRobert Fairlie-Cuninghame,QAI technical lead/architect, Memjet
We know the nShield Solo; it’s a foundational component of the system. The system is successful, and it’s been a positive experience working with the nCipher team and its nShield HSM, allowing us to achieve a short time to market and to recover our costs.Gianni Sandrucci, Chief Executive Officer, itAgile
As a global payment solutions and commerce enablement leader, Verifone’s strategy is to develop and deploy “best in class” payment solutions and services that meet or exceed global security standards and help our clients securely accept electronic payments across all channels of commerce. We selected nCipher HSMs to provide robust security, unmatched performance and superior scalability across our payment security platforms, protecting encryption keys from virtually any attack. This helps Verifone to continue reducing merchants’ growing exposure to data breaches and cyber criminals and more aggressively safeguard consumer information…Joe Majka,Chief Security Officer
With our extended experience of relying on nCipher for HSM solutions, when it came to selecting the right component for PassBy[ME] Mobile ID we didn’t need to look at other vendors; nCipher HSMs always deliver the highest level of trust.Dr. Sándor Szöke, Deputy Director of eIDAS Trust Services, Microsec
We have a long history together and we’re extremely comfortable continuing to rely on nCipher solutions for the core of our business. We have used nCipher HSMs for five years and they have always been exceptionally reliable. We’ve layered a lot of code on top of the HSM; it delivers the performance we need and has proven to be a rock-solid foundation.Neal Harris, Security Engineering Manager, Square, Inc
nCipher Security has given us a beautiful solution around which we’ve developed our own software; equipping us with the abilityto offer our customers a truly compellingvalue proposition. We have found nCipher nShield Connectto be far more secure and friendly to usethan competing solutions. It perfectly meets our needs.Evgeny Vigovsky,COO and CTO, Saifu
The unit cost and performance of nShield enable us to offer a commodity-priced device that is simple enough for even the most technically-adverse merchant to understand and operate. Trust, integrity and security are the foundations of our company, and nCipher helps us to achieve those goals.Julia Wolkerstorfer,Marketing Manager at A-Trust
Our nCipher HSMs protect our encryption keys, safeguarding customer data from breaches. Just as importantly, it helped make achieving PCI DSS compliance far easier and more cost-effective. With the nCipher HSMs, we can easily protect, manage, and rotate encryption keys, enabling PCI DSS compliance without the need for timeconsuming manual controlsTerry Mainiero,Follett Higher Education Group
The move from paper-based to electronic invoicing has proved a great success. There was tight cooperation between our system integrator SETCCE and nCipher and their combined knowledge and experience in this specialist area delivered an ideal solution. The service meets all legislative requirements, provides a better level of service and more flexibility for our subscribers. This gives us an important competitive edge.Bostjan Zaversek,Financial Manager for Si.mobil-Vodafone
Piracy is a problem generally associated with digital content and no less so in the film industry where it is an enormous concern for both studios and distributors who lose billions of dollars each year when films are illegally copied and distributed. The encryption and decryption of content is not a major challenge, however the handling and management of security keys by both the cinema and content owners is. nCipher is an expert in encryption key management and the protection of content and intellectual property, its products offer high levels of assurance and operational efficiency and have enabled Qube to develop an online digital…Rajesh Ramachandran,President and CTO
Modernization of clinical trials is a key initiative for both the pharma industry and global regulatory agencies. In an industry with a 20-year patent cliff – SureClinical’s technology accelerates speed to market and saves companies hundreds of thousands of dollars in shipping costs, maximizing return on investment for new drug therapy investments. The adoption of this technology would be out of the question if it didn’t meet the trust and security requirements mandated by regulatory agencies and the industry. Thales was the only company that was able to provide the assurance and strong cryptographic technology that met both the needs of…Zack Schmidt,President at SureClinical