on 02-01-2017 8:12 AM
As lars.breddemann has described in an earlier post, the HANA DB encryption is not on the in-memory data but for the data partition and the log files.
So I was wondering if this "all or nothing" approach can be differentiated a bit more. E.g. I don't need to encrypt my whole db, but only a single table. How would I be able to do that? Can I move a single table into an individual data partition?
Also I understand that the only possible way to encrypt an individual field of a table is to encrypt it before storing it on HANA - or did that change and HANA comes now with some support for this (e.g. the client provides a secret to encrypt the data but the en-/decryption is done on the DB and not on the client)?
Hi Bernd,
Good question. We have three different objectives here:
Currently, for SAP HANA 2.0 SPS 00, both data volume (persistence) and redo log encryption are available (but you still need to be careful with your trace files). The encryption takes place at a lower level than the database, so you cannot encrypt on the file system just the bits and bytes for table A or column B. It is all or nothing.
Archived storage is addressed (or not) by the backup tool or by the DBA / System Administrator.
Obfuscation/data masking can be addressed by the application but is not a database feature. See, for example https://blogs.sap.com/2014/05/13/how-to-securely-mask-or-hide-column-data-using-sql-map-function-in-... or https://blogs.sap.com/2016/06/15/hana-eim-sdisdq-sps12-data-mask-node-how-to/ (using SDI).
Targeted audit policies and a solid privilege and role management are obviously also very important to protect sensitive data.
I understood that both backup encryption and data masking are high on the feature list for SAP HANA 2.0 SPS 01 but whether they make it to the release remains to be seen. RTC is planned for mid-April.
Regards,
Denys
Hi Bernd,
I have very little visibility of what is happening up there in the cloud so I will have to ask around a bit; I will get back to you.