Data Security / Encryption

Dear all,

Many of my customers (SugarCRM 7.x or 8.x Pro or Ent) ask us what is the best question to secure SugarCRM data.

Of course, we recommended the main "standards" security options (role/team for end user, VPN access, HTTPS, restricted access to database etc.).

But, the "new" question is more to also secure the database content itself ; is there any standard solution to easily encrypt the database content but let SugarCRM work without restriction.

We know that we could created "encrypted" field inside SugarCRM but the target is more a global database encryption.

It should be a weird question but I'm not a system security expert, so I am open to all your suggestions or experiments.

Kind regards,

Fred

Parents
  • Some things to remember about encrypting a database.  

    1. Encrypting the file system is almost a useless endeavor.  It will only protect your data if the server is stolen and booted by someone who does not have the passphrase.  In order to use an encrypted volume, you must supply the correct passphrase when you mount it. Once mounted its contents are then visible to you as unencrypted data.  So anyone who hacks in, more than likely, won't be stopped.
    2. TDE is only available on the commercial version of MySQL.  Not a complete deal breaker but something to remember.
    3. I have no first hand experience with TDE either so I may be wrong here but TDE seems to have the same basic issue as file system encryption.  If they steal the actual files you are protected.  If they hack into your server while its active, then they can simply access the data the same way SugarCRM does.  
    4. Encryption is great, but unless a passphrase or secondary key is required at every access then anyone with at least as much access as the web user will have access to the data.
    5. The above things being said nothing is as important as actively maintained network security.  
      1. up to date patches on SugarCRM and the OS
      2. Firewalls, VPNs, Tripwires
      3. Aggressive password management rules (changed frequently and hard to guess) both on SugarCRM and the OS it runs on including the MySQL password which on most systems is changed once and never again.
      4. Audit, Audit, Audit and then audit the auditor.
Reply
  • Some things to remember about encrypting a database.  

    1. Encrypting the file system is almost a useless endeavor.  It will only protect your data if the server is stolen and booted by someone who does not have the passphrase.  In order to use an encrypted volume, you must supply the correct passphrase when you mount it. Once mounted its contents are then visible to you as unencrypted data.  So anyone who hacks in, more than likely, won't be stopped.
    2. TDE is only available on the commercial version of MySQL.  Not a complete deal breaker but something to remember.
    3. I have no first hand experience with TDE either so I may be wrong here but TDE seems to have the same basic issue as file system encryption.  If they steal the actual files you are protected.  If they hack into your server while its active, then they can simply access the data the same way SugarCRM does.  
    4. Encryption is great, but unless a passphrase or secondary key is required at every access then anyone with at least as much access as the web user will have access to the data.
    5. The above things being said nothing is as important as actively maintained network security.  
      1. up to date patches on SugarCRM and the OS
      2. Firewalls, VPNs, Tripwires
      3. Aggressive password management rules (changed frequently and hard to guess) both on SugarCRM and the OS it runs on including the MySQL password which on most systems is changed once and never again.
      4. Audit, Audit, Audit and then audit the auditor.
Children
No Data