Voltage Security offers to make deploying encryption at the database level less painful with a technique called Format-Preserving Encryption.

Shocking the encryption market is not easy to do, but officials at Voltage
Security must hope their new approach to encryption will do exactly that.
The company's flagship SecureData product uses a cryptographic technique Voltage
Security calls Format-Preserving Encryption. SecureData was first released to
the public in fall of 2007, though the company waited until now to speak about
it publicly.
The overall aim of the approach is to ease the process of encrypting databases.
Unlike traditional algorithms that expand data into binary fields,
Format-Preserving Encryption, or FPE, allows encrypted data to keep its
original format on a character-by-character basis, so that the data fits in
existing fields and there is no need for database schema changes. It also
preserves referential integrity, which enables encryption of foreign and
indexed keys and ensures internal consistency in masked data, company officials
said.
With conventional encryption, a nine-digit Social Security number or a
16-digit credit card number, once encrypted with regular AES, becomes a block
of binary data much larger than nine or 16 digits. The longer value no longer
fits the existing column, so the database size must change, which means a
database schema change.
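As an added illustration (not Voltage's code, and not the standardized FF1 mode), the following Python sketch shows the property the article describes: a Feistel cipher over digit strings that returns a ciphertext of the same length and character set, deterministic for a given key, so the encrypted value fits the existing column and equal plaintexts still join. It assumes HMAC-SHA256 as the round function so that it runs on the standard library alone.

```python
import hashlib
import hmac

# Illustrative format-preserving encryption over decimal strings: a Feistel
# network in the shape of NIST FF1 (alternating-width halves, modular
# addition), with HMAC-SHA256 standing in for the AES round function.
# A teaching construction, not Voltage's product code and not certified FF1.
ROUNDS = 10


def _round_function(key: bytes, round_no: int, half: str, width: int, tweak: bytes) -> int:
    """Pseudo-random integer in [0, 10**width) derived from one half."""
    msg = tweak + bytes([round_no]) + half.encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % (10 ** width)


def fpe_encrypt(key: bytes, digits: str, tweak: bytes = b"") -> str:
    """Encrypt a digit string to a digit string of the same length."""
    if not (digits.isascii() and digits.isdigit()) or len(digits) < 2:
        raise ValueError("need a string of at least two ASCII decimal digits")
    u = len(digits) // 2
    v = len(digits) - u
    a, b = digits[:u], digits[u:]
    for i in range(ROUNDS):
        m = u if i % 2 == 0 else v  # width of the half being replaced this round
        c = (int(a) + _round_function(key, i, b, m, tweak)) % (10 ** m)
        a, b = b, str(c).zfill(m)  # zfill keeps leading zeros in the field
    return a + b


def fpe_decrypt(key: bytes, digits: str, tweak: bytes = b"") -> str:
    """Invert fpe_encrypt by running the rounds in reverse."""
    u = len(digits) // 2
    v = len(digits) - u
    a, b = digits[:u], digits[u:]
    for i in reversed(range(ROUNDS)):
        m = u if i % 2 == 0 else v
        c = (int(b) - _round_function(key, i, a, m, tweak)) % (10 ** m)
        a, b = str(c).zfill(m), a
    return a + b


if __name__ == "__main__":
    key = b"constructed demo key, not a real secret"  # placeholder key
    card = "4111111111111111"  # constructed sample card number
    ct = fpe_encrypt(key, card)
    print(card, "->", ct, "->", fpe_decrypt(key, ct))
```

The optional tweak binds a ciphertext to context such as a column name, so the same number stored in two fields need not encrypt to the same digits.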
"The encrypted data can be stored in place, without any database schema
changes, and all to the same strength as 256-bit AES
[Advanced Encryption Standard]," said Mark Bower, director of information
protection solutions at Voltage Security. "Any information thief would
assume they are accessing the actual, correct numbers. However, obtaining this
data will yield them nothing."
Implementing FPE also eliminates the cost and effort of dealing
with applications affected by schema changes, Bower said.
"If you look at the data privacy problem, data resides across all
manner of systems—some more than 25 years old," Bower said. "So
legacy applications that may contain highly sensitive customer data can now
accommodate encryption where before it was impossible; it's not often possible
to change database schemas if the legacy application expects a particular rigid
schema—the applications break."
Forrester Research analyst Paul Stamp said the firm's approach removes a
layer of complexity from the database encryption process.
"It can also make it easier to ship production
data into a test environment, which is a big deal for maintaining security in
the troubleshooting process," Stamp said.