BizTalk databases encryption

  • Question

  • Hi,

    We have a GDPR requirement to encrypt the BizTalk databases.

    Can we encrypt the BizTalk databases?

    Regards,

    Sharmishtha

    Monday, January 28, 2019 11:25 AM

Answers

  • HOLD ON!

    There is no magic button to make things 'compliant' with any standard.  HIPAA, GDPR, PCI etc.

    You need to work with your compliance team to determine what 'compliance' means to your organization and how to achieve that.  Meaning, 'turn off Tracking' is not a meaningful compliance step unless you and your compliance team understand what that means and what it does.  There are lots of useful things you can track and still remain compliant.

    As for your original question...YES.

    BizTalk Server fully supports SQL Server's Transparent Database Encryption options with all databases.  Additionally, SQL Server supports Windows BitLocker drive encryption.

    • Marked as answer by Sharmishtha Monday, February 4, 2019 11:44 AM
    Friday, February 1, 2019 1:35 PM
    Moderator

All replies

  • I properly configured only administrators have access to the message content in the database
    Even if encrypted administrators should have access in case of disaster recovery

    BizTalk is very tightly coupled with MSSQL, and the database and the internals should not be tampered with; any change will be unsupported in case of an issue.

    If the requirement says encrypted content, my best advice will be to choose another integration platform than BizTalk.

    /Peter

    Monday, January 28, 2019 6:45 PM
  • If you want to be GDPR compliant, it is usually just a matter of switching off Message Body Tracking, so that you don't store the information in the BizTalk databases except for those in flight or suspended messages.  Then you just need to worry about other databases that BizTalk connects to, and you can also look at encrypting the message contents, so even the in flight / suspended messages are encrypted.

    There is a whitepaper here: "BizTalk Server and GDPR", and another blog post here: "BizTalk Server and GDPR Considerations: How to properly restrict access to SQL Server stored procedures" by Sandro Pereira.


    Monday, January 28, 2019 8:20 PM
  • How about the BAM Primary Import Database? Do we not need to encrypt the data in the BAM databases?

    Say, we also have the messages in the BAM Relationship Tables.

    Regards,

    Sharmishtha

    Friday, February 1, 2019 1:17 PM