nShield Database Security Option Pack

The nShield Database Security Option Pack allows you to integrate with Microsoft SQL Server using Microsoft’s Extensible Key Management (EKM) API

nShield Database Security Option Pack

The nShield Database Security Option Pack allows nCipher hardware security modules (HSMs) to seamlessly integrate with Microsoft SQL Server. Encrypting the data in your database protects the data, but the encryption keys that unlock the data must also be protected. The use of HSMs safeguards encryption keys by storing them separately from the data on a secure, trusted platform.

Hardware key protection

Stores database encryption keys in a secure, tamper-resistant environment to prevent copying or tampering. Supports both Transparent Data Encryption (TDE) and cell level encryption

Enforcement of users and roles

Stronger control for accessing encrypted data in Microsoft SQL Server

Tight control of keys

Smart card authentication of administrators firmly controls access to database encryption keys

The SQLEKM provider has been tested to support the Enterprise Editions of:

  • Microsoft SQL Server 2019
  • Microsoft SQL Server 2017

These are supported on the following platforms:

  • Windows Server 2019 R2 Standard (64-bit configuration)
  • Windows Server 2016 (64-bit configuration)

Supported nCipher Security World Software and nShield HSMs

The Database Security Option Pack for SQL Server is fully compatible with V12.40.2 or higher of the Security World Software and the following range of nCipher nShield HSMs:

  • nShield Solo 500+, 6000+ and Solo XC Base/Mid/High
  • nShield Connect 500+, 1500+, 6000+ and Connect XC Base/Mid/High.

Supported types of Database encryption

From a security perspective, the Microsoft SQL Server supports the use of cryptographic keys to protect its databases. These encryption keys can be used to perform two levels of encryption.

  • Transparent Data Encryption (TDE) is used to encrypt an entire database in a way that does not require changes to existing queries and applications. A database encrypted with TDE is automatically decrypted when SQL Server loads it into memory from disk storage, which means that a client can query the database within the server environment without having to perform any decryption operations. The database is encrypted again when saved to disk storage. When using TDE, data is not protected by encryption while in memory. Only one encryption key at a time per database can be used for TDE.
  • To use Cell-Level Encryption (CLE), you must specify the data to be encrypted and the key(s) with which to encrypt it. CLE uses one or more keys to encrypt individual cells or columns. It gives the ability to apply fine-grained access policies to the most sensitive data in a database. Only the specified data is encrypted: other data remains unencrypted. This mode of encryption can minimize data exposure within the database server and client applications. You can apply CLE to database tables that are also encrypted using TDE. Note that when using CLE, data is only decrypted in memory when required for use. Separate data can be encrypted using different encryption keys within the same data table.

Supported deployment configurations:

  • Stand-alone service
  • Database failover clusters using either nShield Solo or nShield Connect

Data sheet: Database Security Option Pack

Provides seamless integration of Microsoft SQL Server databases with high-assurance nShield hardware security modules.


Data Sheet: nShield Connect HSMs

nShield Connect HSMs are certified, networked appliances that deliver cryptographic key services to applications distributed across servers and virtual machines.


Data Sheet: nShield Solo HSMs

nShield Solo HSMs are certified PCI-e card-based solutions that deliver cryptographic key services to applications hosted on individual servers and appliances.


Integration Guide: nShield HSMs in conjunction with Microsoft SQL Server

Comprehensive Integration Guide which provides an overview of how Microsoft SQL Server, nCipher Database Security Option Pack, nShield Security World software, and nShield HSMs can work together in order to enhance security. Includes installation instructions, configuration options, examples and advice on how the product may be used, troubleshooting advice

nCipherのチームに参加しませんか? 詳しく見る
スペシャリストに連絡する お問い合わせ