Vertica Encryption - Hardware / Data
Is Voltage SecureData the only tool in Vertica used for encryption? Does this option incur additional cost (in terms of $) or is it an out-of-box option that can be enabled on an already installed/running system? I understand that this option mandates that dates and numeric data types must be cast to varchars in order for encryption to work - in my case, the encryption does not apply to personal data (SS/DOB, etc.) - instead, it applies to activity - units sold/dlrs and/or ProductIDs - and all are numbers.
Which method would be best suited for encryption in such a case?
Best Answer
mosheg Vertica Employee Administrator
1) Is Voltage SecureData the only tool in Vertica used for encryption?
A - It is not the only option but the best one because of the following benefits:
+ The ability to protect data as close to its source as possible.
+ Support for encryption, tokenization, and data masking protection techniques.
+ Data usable for many applications in its de-identified state.
+ The ability to re-identify data securely and when required—only by authorized users and applications.
+ Enables significant reduction of audit scope and costs associated with PCI compliance
+ Protection techniques backed by security proofs and standards.
+ High performance, high scalability, and well matched with Big Data speeds.
+ Broad platform and application support—inside and outside Vertica.
+ Supports the encryption and pseudonymization guidance in the new GDPR
For other options see: https://www.vertica.com/blog/gdpr-ready-recipe/
2) Does this option incur additional cost (in terms of $)?
A - Yes, the license is not for free.
3) Is it an out-of-box option that can be enabled on already installed/running system?
A - One needs to install Voltage first and follow the instructions here:
https://www.vertica.com/docs/10.1.x/HTML/Content/Authoring/VoltageIntegration/ConfiguringAccessToSecureData.htm
4) I understand that this option mandates that dates and numeric data types must be cast to varchars in order for encryption to work
[..] Which method would be best suited for encryption in such case?
A - You do not have to change the data types of table columns that you want to encrypt.
It also preserves reference integrity: the encrypted values have the same sort order as unencrypted data,
and encrypted values can be cross-referenced between tables,
as long as each instance of the value is encrypted with the same key.
See: https://www.vertica.com/docs/10.1.x/HTML/Content/Authoring/VoltageIntegration/IntegratingWithVoltageSecureData.htm
Answers
Thank you Mosheg for a great summary. Voltage SecureData requires disabling FIPS - is that a bad thing? How do I check if my system is FIPS enabled?
-Anna
@AnuskaWR : You can run the below query to check if FIPS is enabled or not
If it is set to 1, then you have FIPS enabled.