Create a Data Protection Policy

A Data Protection Policy is associated with an enrolled application and linked to a Baffle Shield. The Data Protection Policy is used to specify the columns or rows in a database for encryption, as well as the keys used in the encryption process. Each column can use a different key for encryption or multiple columns can share a common key. 

The following task walks you through the process of defining a Data Protection Policy. 

To define a Data Protection Policy, do the following:

  1. If you're not already on the Application page in the Baffle Manager console, click the Application icon in the left navigation panel.

  2. From the list, select the Application on which you will configure a data protection policy. At the bottom of the panel at the right, you can specify IP Filtering and add a Baffle Shield, then select Encrypt.

  3. In the Tree Menu on the left, expand a Database and Schema, then select a Table.

    The columns for the table appear in the window on the right.
  4. Click the checkboxes for the columns to encrypt and select an Encryption Mode (ENC MODE) for each. For an explanation of the default ENC MODE (AES-CTR-DET), see Encryption Mode Types. See also Using Format Preserving Encryption and Applying Data Masking.

  5. For each encryption mode, select or add a DATA FORMAT. The available formats are those supported for the column data type. For more information, see Add, Edit, and View Data Formats.

  6. (Optional) Specify a Key ID from the drop-down list for the columns. The default value for Key ID is 2. Available Key IDs are displayed in the Key ID dropdown menu for each column. NOTE: Scroll to the right on the column selector and add more keys by clicking (+).
  7. Click Save and continue to Encrypt and Decrypt Data.