[ale] [OT] TDE - effective, theatre or in between?

Sid Lane jakes.dad at gmail.com
Fri Aug 9 15:36:04 EDT 2013


Can anyone cite a known PII/PHI breach which, all else equal, TDE would have prevented? If not, can you describe such a hypothetical breach (again, all else equal)? No points for lost unencrypted backups - that's operator error & trivially avoided.

I've been tasked with developing & deploying a database encryption strategy for HIPAA-governed PHI & have lots of people touting M$ and/or Oracle TDE. I've put a fair bit of effort into studying each and I'm having a hard time envisioning actual vectors and/or real world attacks against which they would protect (again, all else equal). As near as I can tell they DO guarantee that your backups are encrypted, which does have merit, but there are dozens of non-TDE ways (virtually all far cheaper) to encrypt a database backup. Additionally, as near as I can tell they decrypt into shared memory & may (but don't require) re-encrypt for transport (SSL to client). Am I wrong on these points?

I was on a call today w/a vendor where it was asked: "well, what if they physically steal your server?" to which I replied: "well, they'd have a nice doorstop since the database is on SAN", which naturally begged: "well, what if they steal your SAN?" - um, if someone's able to steal a multi-cabinet VSP in under four hours without at least six people & a pallet jack & get it off your dock, then database encryption (or lack thereof) may not be your highest priority...

I realize we're probably still going to have to do it anyway to appease
auditors, govt, etc - I just want to know if there's something I'm missing
that will convince me this is substantive & not theatre...

thanks!
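The boundary the post describes (ciphertext on disk, plaintext in the server's memory and in any authenticated session) is easy to make concrete. The Go program below is an added example written for this archive page, not code from the poster or from any TDE product: a `dataFile` type stands in for the datafile and any byte-for-byte copy of it (backup, SAN snapshot), a `tdeServer` type stands in for the database process holding the database encryption key (DEK), and `offlineExposure` is the check for the one scenario TDE is built for, someone holding the media without the key. All type and function names, and the sample row, are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
)

// dataFile stands in for the on-disk datafile and for any copy of it (a
// backup tape, a SAN snapshot). Under TDE each page is stored as
// nonce || AES-GCM ciphertext under the DEK. Constructed model, not a
// real storage engine.
type dataFile struct {
	pages [][]byte
}

// tdeServer stands in for the running database process: it holds the DEK
// in memory and hands decrypted rows to any authenticated session.
type tdeServer struct {
	dek  []byte
	aead cipher.AEAD
	file *dataFile
}

func newTDEServer(dek []byte) (*tdeServer, error) {
	block, err := aes.NewCipher(dek) // 16, 24 or 32-byte key
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &tdeServer{dek: dek, aead: aead, file: &dataFile{}}, nil
}

// insert stores one row. Encryption happens at the storage layer, so the
// row is plaintext in process memory and ciphertext on disk.
func (s *tdeServer) insert(row string) error {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	ct := s.aead.Seal(nil, nonce, []byte(row), nil)
	s.file.pages = append(s.file.pages, append(nonce, ct...))
	return nil
}

// query models an authenticated session: pages are decrypted into the
// buffer pool and matching rows go back in the clear. Whether the wire is
// protected (TLS) is a separate decision, as the post notes.
func (s *tdeServer) query(needle string) ([]string, error) {
	ns := s.aead.NonceSize()
	var rows []string
	for _, p := range s.file.pages {
		if len(p) < ns {
			return nil, errors.New("truncated page")
		}
		pt, err := s.aead.Open(nil, p[:ns], p[ns:], nil)
		if err != nil {
			return nil, err // wrong DEK or tampered page
		}
		if strings.Contains(string(pt), needle) {
			rows = append(rows, string(pt))
		}
	}
	return rows, nil
}

// offlineExposure is the scenario TDE is built for: someone holds the
// datafile or a copy but not the DEK. It reports whether the PHI can be
// found by scanning the raw bytes.
func offlineExposure(f *dataFile, phi string) bool {
	for _, p := range f.pages {
		if bytes.Contains(p, []byte(phi)) {
			return true
		}
	}
	return false
}

func main() {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		panic(err)
	}
	srv, err := newTDEServer(dek)
	if err != nil {
		panic(err)
	}
	phi := "patient=Jane Sample;mrn=CONSTRUCTED-0001;dx=Z00.00" // constructed, not real PHI
	if err := srv.insert(phi); err != nil {
		panic(err)
	}
	fmt.Println("offline copy exposes PHI:", offlineExposure(srv.file, "Jane Sample"))
	rows, _ := srv.query("mrn=CONSTRUCTED-0001")
	fmt.Println("authenticated session sees:", rows)
}
```

Run as written, the offline scan of the datafile finds nothing while the session returns the full row; pointing a server with a different DEK at the same file makes every `Open` fail. That is the whole of what the at-rest layer buys: media or volume copies without the key are opaque, and anything that already has a login, or a read of the process memory where the DEK and decrypted pages live, is out of scope for it.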