We're Moving!

The Vertica Forum is moving to a new OpenText Analytics Database (Vertica) Community.

Join us there to post discussion topics, learn about

product releases, share tips, access the blog, and much more.

Create My New Community Account Now


Vertica Encryption - Hardware / Data — Vertica Forum

Vertica Encryption - Hardware / Data

Is Voltage SecureData the only tool in Vertica used for encryption? Does this option incur additional cost (in terms of $) or is it an out-of-box option that can be enabled on already installed/running system? I understand that this option mandates that dates and numeric data types must be cast to varchars in order for encryption to work - in my case, the encryption does not apply to personal data (SS/DOB..etc) - instead, it applies to activity - units sold/dlrs and/or ProductIDs - and all are numbers.
Which method would be best suited for encryption in such case?

Best Answer

  • moshegmosheg Vertica Employee Administrator
    Answer ✓

    1) Is Voltage SecureData the only tool in Vertica used for encryption?
    A - It is not the only option but the best one because of the following benefits:
    + The ability to protect data as close to its source as possible.
    + Support for encryption, tokenization, and data masking protection techniques.
    + Data usable for many applications in its de-identified state.
    + The ability to re-identity data securely and when required—only by authorized users and applications.
    + Enables significant reduction of audit scope and costs associated with PCI compliance
    + Protection techniques backed by security proofs and standards.
    + High performance, high scalability, and well matched with Big Data speeds.
    + Broad platform and application support—inside and outside Vertica.
    + Supports the encryption and pseudonymization guidance in the new GDPR
    For other options see: https://www.vertica.com/blog/gdpr-ready-recipe/

    2) Does this option incur additional cost (in terms of $) ?
    A - Yes, the license is not for free.

    3) Is it an out-of-box option that can be enabled on already installed/running system?
    A - One need to install Voltage first and follow the instructions here:
    https://www.vertica.com/docs/10.1.x/HTML/Content/Authoring/VoltageIntegration/ConfiguringAccessToSecureData.htm

    4) I understand that this option mandates that dates and numeric data types must be cast to varchars in order for encryption to work
    [..] Which method would be best suited for encryption in such case?

    A - You do not have to change the data types of table columns that you want to encrypt.
    It also preserves reference integrity: the encrypted values have the same sort order as unencrypted data,
    And encrypted values can be cross-referenced between tables,
    As long as each instance of the value is encrypted with the same key.
    See: https://www.vertica.com/docs/10.1.x/HTML/Content/Authoring/VoltageIntegration/IntegratingWithVoltageSecureData.htm

Answers

  • Thank you Mosheg for a great summary. Voltage SecureData requires disabling FIPS - is that a bad thing? How do I check if my system is FIPS enabled?
    -Anna

  • SruthiASruthiA Administrator

    @AnuskaWR : You can run the below query to check if FIPS is enabled or not

    select get_config_parameter('RequireFIPS');

    if it is set to 1, then you have FIPS enabled.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file