Vertica Encryption - Hardware / Data

Is Voltage SecureData the only tool in Vertica used for encryption? Does this option incur additional cost (in terms of $) or is it an out-of-box option that can be enabled on already installed/running system? I understand that this option mandates that dates and numeric data types must be cast to varchars in order for encryption to work - in my case, the encryption does not apply to personal data (SS/DOB..etc) - instead, it applies to activity - units sold/dlrs and/or ProductIDs - and all are numbers.
Which method would be best suited for encryption in such case?

Best Answer

  • moshegmosheg Vertica Employee Administrator
    Answer ✓

    1) Is Voltage SecureData the only tool in Vertica used for encryption?
    A - It is not the only option but the best one because of the following benefits:
    + The ability to protect data as close to its source as possible.
    + Support for encryption, tokenization, and data masking protection techniques.
    + Data usable for many applications in its de-identified state.
    + The ability to re-identity data securely and when required—only by authorized users and applications.
    + Enables significant reduction of audit scope and costs associated with PCI compliance
    + Protection techniques backed by security proofs and standards.
    + High performance, high scalability, and well matched with Big Data speeds.
    + Broad platform and application support—inside and outside Vertica.
    + Supports the encryption and pseudonymization guidance in the new GDPR
    For other options see: https://www.vertica.com/blog/gdpr-ready-recipe/

    2) Does this option incur additional cost (in terms of $) ?
    A - Yes, the license is not for free.

    3) Is it an out-of-box option that can be enabled on already installed/running system?
    A - One need to install Voltage first and follow the instructions here:
    https://www.vertica.com/docs/10.1.x/HTML/Content/Authoring/VoltageIntegration/ConfiguringAccessToSecureData.htm

    4) I understand that this option mandates that dates and numeric data types must be cast to varchars in order for encryption to work
    [..] Which method would be best suited for encryption in such case?

    A - You do not have to change the data types of table columns that you want to encrypt.
    It also preserves reference integrity: the encrypted values have the same sort order as unencrypted data,
    And encrypted values can be cross-referenced between tables,
    As long as each instance of the value is encrypted with the same key.
    See: https://www.vertica.com/docs/10.1.x/HTML/Content/Authoring/VoltageIntegration/IntegratingWithVoltageSecureData.htm

Answers

  • Thank you Mosheg for a great summary. Voltage SecureData requires disabling FIPS - is that a bad thing? How do I check if my system is FIPS enabled?
    -Anna

  • SruthiASruthiA Vertica Employee Administrator

    @AnuskaWR : You can run the below query to check if FIPS is enabled or not

    select get_config_parameter('RequireFIPS');

    if it is set to 1, then you have FIPS enabled.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file