Easy and Cost Effective way to Encrypt Every SQL Server Database
By: Jeremy Kadlec | Updated: 2022-09-09 | Comments | Related: > Encryption
Several years ago, Becton, Dickinson and Company (BD) recognized the need to protect medical data on diagnostic devices responsible for patient, molecular, cancer and women’s health data. BD recognized that their customers expected their data to be protected and secure even if a device was stolen from a protected hospital or clinic. Learn about the journey BD followed when turning to DBDefence to secure data at rest on their medical devices.
Becton, Dickinson and Company (BD) is an American, multinational medical technology company that manufactures and sells medical devices, instrument systems, and reagents. BD is publicly traded and is #332 on the Fortune 500 and serves the world with their products and solutions. At BD, data security is a top priority, an expectation of their customers and required by numerous sets of legislation.
Based on an interview with David Porter, Senior Software Engineer whose team is responsible for securing integrated diagnostic systems at BD, he explained the need to secure sensitive patient data across numerous devices while keeping the cost of those devices within budget. With BD operating as a Microsoft shop and relying heavily on Microsoft SQL Server for data management, they selected SQL Server Express Edition to support data collection needs on their medical devices to stay within budget. SQL Server Express Edition supports the same database design and has code portability with Standard and Enterprise editions, so the team did not have a learning curve.
SQL Server Express Challenges
As you may know, SQL Server Express does not include encryption technologies to properly secure data at rest even in a secure hospital, leaving sensitive patient data and proprietary BD data vulnerable to a data breach, if stolen. This was a major challenge for David and his team to address. Moving to SQL Server 2019 Standard or Enterprise Edition which ships with Transparent Data Encryption (TDE) would significantly drive up the cost per device, which was not fiscally feasible. This is where BD turned to DBDefence for encrypting sensitive data in SQL Server Express databases (data files and log files) on their medical devices.
DBDefence Database Encryption Solution
Since 2011, DBDefence has delivered an affordable 1 button 128-bit or 256-bit AES transparent data encryption solution for all versions and editions of SQL Server. DBDefence’s installation, database encryption and decryption are fast and intuitive with low performance impact on production systems. No application changes are needed to implement DBDefence’s data protection. Their solution includes three encryption options: 1. encrypt and protect the database files including hiding the schema and code, 2. encryption combine with data masking and 3. only encryption. All avoiding costly and time-consuming upgrades with a seamless encryption process. Further, daily management is simple and straightforward even when troubleshooting databases in numerous locations.
DBDefence delivers the following benefits to secure your data, support your organization and meet regulatory compliance:
- Enterprise-wide AES 256 encryption solution for all SQL Server versions (2008 R2 to 2019) and editions (Express, LocalDB, Web, Standard and Enterprise) with both Windows and Linux support with no application changes
- DBDefence's solution received validation on for their database encryption algorithm on October 15, 2020 from the National Institute of Standards and Technology (NIST). Review the validation.
- Advanced Encryption
- 100% Blackbox Mode
- Hide Schema
- Lockout Administrators
- Granular Application Login Permissions
- Lock down permissions beyond SQL Server capabilities
- Offline database backup protection
- Encrypt databases from third party application providers
- Configure with commercial off the shelf (COTS) applications
- Re-distribution licenses
- Advanced Data Masking
- Always combine with transparent database encryption
- Dynamic data masking
- Role based data masking
From BD’s Pilot of DBDefence to Site Licensing
BD piloted a single medical device platform with DBDefence over four years ago. Along the way, David faced some internal challenges selling DBDefence to numerous Development Teams across BD. The Development Teams were initially apprehensive of adding new software to their medical devices to enable TDE and were looking for reasons not to adopt a database encryption solution. What really sold the Developers on DBDefence were the data security benefits and its simplicity. David remembers, "Once the first team activated DBDefence, it worked and worked well. There were Developers looking for reasons not to use it, but there was nothing significant. The Development Teams recognized DBDefence works well and is not that hard." From there, the adoption and deployment of DBDefence over the years has snowballed to site licensing protecting over 10 device platforms totaling more than 5,000 devices in the field within David’s business unit at BD, which is comprised of more than 20 Development Teams.
DBDefence’s Supreme Support
Beyond the SQL Server database encryption features, David touts the support BD has received from DBDefence as "Supreme Support". He noted that the DBDefence team has "always come through for us", which is a big deal for BD. The DBDefence team response is immediate. BD cannot afford to wait 4 or 5 days for support. With DBDefence, there is no waiting. This is one of the most important aspects for BD adopting DBDefence. If you rely on database encryption to protect your data, the DBDefence team will provide the needed support for your application, your organization and your career.
David summarizes the experience, "We sold DBDefence to the Developers – Support, ease of implementation and maintenance are amazing and we’re not leaving it. It is so cost effective and it works. I wish we could say that about everything. Acceptance is there. DBDefence is well worth it."
As David explains it, the adoption and reliance of DBDefence at BD is "very prolific, because it is all about keeping the data safe." David and his team have found that "DBDefence covers all of our needs, saved our company a ton of money and the support is superior." He goes on to say, "Smart Developers and DBAs will see the value in DBDefence and get a site license to protect data across the board."
If you are in the market for a database encryption solution, turn to DBDefence to protect your data, your clients and your organization. Download an evaluation version of DBDefence – Click Here.
- Learn more about DBDefence:
- Download an evaluation of DBDefence – Click Here.
About the author
View all my tips
Article Last Updated: 2022-09-09