Structured Data Encryption

General Assumptions

1. You want to configure policy in such a way that transparent encryption / decryption only happens for authorized applications.
2. You have already configured your Manager and have successfully connected a TDE Agent to it.
3. You are familiar with how TDE Actions work.

Encrypting Structured Data

e.g. You want to protect Microsoft SQL Server 2012 databases.

Create a Smartpoint

1. Select the TDE tab.
2. Select the Smartpoints tab.
3. Click the Add Smartpoint button.
4. Select the Device/Server you wish to create a new Smartpoint on.
5. Define the path you wish to protect.
6. Select the encryption key you wish to use.
7. Select the Default Policy (we will change this in the next section)
   

   

8. Click Save.

Assign a Policy

1. Select the Smartpoint Policies tab.
2. Choose to edit the Default Policy.
3. Set the Default Action to Deny (This means no processes can navigate the file system location defined in the Smartpoint for which this policy is attached)
   

   

4. Add Application Exception(s) for the SQL Server Agent/Server processes by specifying the full path to the executables.  

   

   Note

   Your paths may be different.

5. Set the Action for these exceptions to Encrypt/Decrypt.

   

   Note

   This ensures that only your database application server and associated processes are allowed to access the file system location defined in the Smartpoint for which this policy is attached.

   
   

   

6. Add an Application Exception for Windows Explorer and set its action to Encrypt/Decrypt.

   

   Note

   If Windows Explorer is not enabled for encrypt/decrypt you will be unable to browse, copy, delete files in any locations protected by this policy.

7. Add Application Exceptions for any other processes that you wish to access the Smartpoint.
   1. e.g. Add your backup software agent for Raw access.
   2. e.g. Add your database query tool(s) for Raw or Encrypt/Decrypt access to perform verification testing.