A Data Protection Policy is associated with an enrolled application and linked to a Baffle Shield. The policy specifies which columns or rows in a database are encrypted and which keys are used to encrypt them. Each column can use a different key, or multiple columns can share a common key.
The following task walks you through the process of defining a Data Protection Policy.
To define a Data Protection Policy, do the following:
- If you're not already on the Application page in the Baffle Manager console, click the Application icon in the left navigation panel.
- From the list, select the Application on which you will configure a Data Protection Policy. At the bottom of the panel on the right, you can specify IP Filtering and add a Baffle Shield; then select Encrypt.
- In the Tree Menu on the left, expand a Database and Schema, then select a Table.
The columns for the table appear in the window on the right.
- Select the checkboxes for the columns to encrypt and select an Encryption Mode (ENC MODE) for each. For an explanation of the default ENC MODE (AES-CTR-DET), see Encryption Mode Types. Also see Using Format Preserving Encryption and Applying Data Masking.
- For each encryption mode, select or add a DATA FORMAT. The available formats are those supported for the column data type. For more information, see Add, Edit, and View Data Formats.
- (Optional) Specify a Key ID for each column from the Key ID drop-down list, which displays the available Key IDs. The default value for Key ID is 2. NOTE: To add more keys, scroll to the right on the column selector and click (+).
- Click Save and continue to Encrypt and Decrypt Data.