Encryption and Key Management for Microsoft SQL Server

Key Connection for SQL Server

Managing SQL Server TDE and column-level encryption keys with Alliance Key Manager (hardware security module (HSM), VMware, Cloud HSM, or cloud instance) is the best way to ensure encrypted data remains secure. Key Connection for SQL Server stores encryption keys separately from the database server on a secure key manager to meet PCI-DSS, HIPAA/HITECH, GLBA/FFIEC, and other compliance requirements. 



    Cost Effective Encryption Key Management

    In addition to managing TDE and cell level encryption keys, Alliance Key Manager offers an on-board encryption service - the key never leaves the server. Further, Townsend Security enables customers to encrypt SQL Server databases—including Enterprise and Standard releases—as well as Oracle, IBM DB2/400, MySQL, MongoDB, and more.

    Cost should not be a barrier to compliance. Our key management model is built to scale from a single server to a multi-server environment. Any organization can now deploy a cost-effective, comprehensive and certified solution to meet key management compliance requirements.

    Meet Compliance Requirements

    Meet encryption key management best practices with separation of duties and dual control. Store encryption keys separately from the encrypted data on your Microsoft SQL Server with a secure and compliant encryption key management solution. Enforce separation of duties and prevent administrators from having access to both SQL Server data and the encryption keys to meet compliance standards.

    Out of the Box Integration with Microsoft SQL Server

    Townsend Security’s encryption key management solution connects effortlessly to the SQL database. It uses Microsoft’s Extensible Key Management (EKM) interface to support both Transparent Data Encryption (TDE) and column-level encryption on Microsoft SQL Server Enterprise and Standard editions. Our Alliance Key Manager includes an unlimited license to use the Key Connection for SQL Server software. Key Connection for SQL Server is an EKM Provider that installs in your SQL Server environment to support both Transparent Data Encryption and Cell Level Encryption.

    Automate Key Management Processes

    Save time while addressing compliance requirements for key management. Automate all of your essential key management tasks including rotation, retrieval, and generation, for one server or many, in a central location.


    Deployment & Training Services Are Included
    Complexity is usually the largest concern in integrating encryption key management. Townsend Security has simplified the process. When businesses choose Alliance Key Manager, they not only receive industry-leading encryption key management, but also free deployment and security hardening services. Townsend Security’s services team will provide:

    • Install and initialize Alliance Key Manager (AKM) virtual image
    • TLS certificate management, download and expiration date tracking
    • Redundancy implementation of mirroring
    • Backup configuration support
    • Security log forwarding via Syslog
    • MFA activation
    • Installation and configuration of Admin Console for key lifecycle management
    • Key retrieval configuration including vSphere, SQL TDE, MongoDB TDE, etc.


    Features | Benefits
    Automatic integration with Microsoft SQL Server | Uses Microsoft Extensible Key Management (EKM) interface to support Transparent Data Encryption (TDE)
    A secure and separate key manager stores encryption keys | Enforce dual control and separation of duties for compliance by storing encrypted data away from the encryption keys
    Simplify key management tasks | Automate key rotation, retrieval, and generation in a central location


    Certifications and Validations

    NIST AES compliance (ECB and CBC modes of encryption)

    NIST SHA validation

    NIST RNG validation (X9.31)

    NIST HMAC validation

    NIST FIPS 140-2, Level 1



    TLS authenticated secure communications

    GUI console for key management

    Secure web application for server management

    Key Sizes

    AES 128, 192, 256 bit symmetric keys

    RSA 1024, 2048, 3072, 4096 bit asymmetric keys