


Keywords: IT security, database encryption, PKI infrastructure, key management, Java

Title: Cryptography In The Database

Author: Kevin Kenan

Publisher: Symantec Press/Addison Wesley

ISBN: 0321320735

Media: Book

Level: Intermediate/Advanced

Verdict: Recommended

 

As the subtitle of this book reminds us, encrypting data is the last line of defence once the more traditional defences of firewall and server security have been breached. And, of course, securely encrypting data in a relational database is a difficult problem fraught with traps for the unwary. Database encryption done badly provides a false sense of security which benefits nobody but the person attempting to crack the system. All of this becomes clear in Kevin Kenan's 'Cryptography In The Database'.

Kenan's book is not about encryption/cryptography per se. Those looking for the math behind encryption/decryption algorithms should look elsewhere. Neither is this a book about developing your own algorithms; again, the focus isn't on hand-coding your own version of AES. Instead Kenan describes the kind of issues one has to address in database encryption and from there develops an infrastructure and set of processes to match the requirement. Lest this sound like an airy-fairy exercise in manager-speak, Kenan makes sure that there's real technical meat here, complete with extensive code (in Java), and a complete sample application.

The book itself is structured in four sections: Database Security, A Cryptographic Infrastructure, The Cryptographic Project and Example Code. The latter is in effect an implementation of the project described in the previous section of the book. In all it presents a rounded and practical treatment of a complex topic that ought to be dear to the hearts of many developers and architects.

The writing is on the dry side, but then the intricacies of key management probably entail a certain seriousness. Trying to tease out the pain of using multiple keys to encrypt data by rows and columns of a database, and then having to provide a complete life-cycle for the different keys and how these integrate into a disaster recovery plan and... You get the picture. For those not versed in the practicalities of enterprise database encryption, the procedures involved are likely to be more alarming than the software that provides a key vault and key management.

For anybody interested in understanding the ins and outs of database encryption, this is an ideal resource.



Contents © TechBookReport 2005. Published December 5 2005