A Data Protection Policy is associated with an application and linked to a Baffle Shield. The policy specifies which columns or rows in a database are encrypted and which keys are used to encrypt them. Each column can use a different key for encryption, or multiple columns can share a common key.
This task walks you through the process of defining a Data Protection Policy.
To define a Data Protection Policy, do the following:
- If you're not already on the Application page in the Baffle Manager console, click the Application icon in the left navigation panel.
- From the list, select the Application on which you will configure a data protection policy.
- In the right sidebar for the application, click Encrypt.
The Schema Builder window opens for the configured Data Store.
- In the Tree Menu on the left, expand a Database and select a Table to encrypt.
The columns for the table appear in the window on the right.
- Select the checkboxes for the columns you want to encrypt.
- For each selected column, right-click in the Data Protection column and select a Policy or Mode from the drop-down list. For more information, see Applying data masking formats and Using Format Preserving Encryption. A check mark appears next to selected columns.
- (Optional) For each column, select a Key ID from the Key ID drop-down list, which displays the available Key IDs. The default value for Key ID is 2. NOTE: To add more keys, scroll to the right on the column selector and click (+).
- Click Save and continue to Encrypt and Decrypt Data.