Cryptography Questions

0
Hi, SBM is due to be audited by our internal IT security team soon and they have a bunch of requirements to do with Cryptography. I've read some of the config docs but they do not seem to answer the questions (or i don't understand it :) )

1- Data must be encrypted at rest and transit............ Is this something native? or is this to do with the database (SQL Server 2008)
2 - Parent Root Keys - I do not even know what these are, is this something that would be handled by SBM or internally at my company.


Please can someone point me in the direction of a document or contact who i can discuss this with?

Thanks

Lee

Accepted Answer

Monday, June 05 2017, 02:22 PM - #Permalink
0
For your second question, your IT security team may be referring to certificates or key pairs. Look under the Security section of the SBM Configurator documentation and see if that helps address what they're looking for. These can be generated by SBM or imported depending on your organization's security policy.

http://help.serena.com/doc_center/sbm/ver11_2/configurator/help.html
The reply is currently minimized Show
Responses (2)
  • Accepted Answer

    Wednesday, June 14 2017, 04:42 AM - #Permalink
    0
    Thanks David / David.

    In that case i will need to use HTTPS on both the production box and test box instances. Do you know if this will have any effect on the communication between these boxes and also the composer, repository and notification server? /

    Cheers

    Lee
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, June 14 2017, 03:02 PM - #Permalink
    0
    I'm guessing "data at rest" means stored on the non-volatile media. Windows has support for both file/directory level encryption and full drive encryption. Your version of SQL Server may have encryption (TDE) as well. Contact your server/Active Directory admins to discuss the pros and cons of windows bitlocker and file-level encryption.
    The reply is currently minimized Show
Your Reply

Recent Tweets