"Store as encrypted" capability on entity attributes.

On our radar
When working in the financial services or health care industry, compliance regulations often require systems to store certain data values such as social security numbers, id numbers, or birth dates encrypted.  In the US, we also have several federal and state laws that require "personally identifyable information" to be stored encrypted.

It would be nice to be able to implement this scenario during development by simply specifying that a specific attribute (column) of an entity (table) should be stored encrypted and then have the platform automatically deal with the encryption/decryption during data storage and retrieval.

This would eliminate a lot of developer effort to make sure the data is properly encrypted or decrypted at all of the touch points in a system.
Created on 2 Mar 2013
Comments (4)
That would be a neat feature to have on the platform :)
It would be nice, but I suppose often on these cases the technical requirements specify the specific way the data is to be encrypted (algorithm, strength...). It's unlikely that this would cover all the cases.
I believe providing even a simple AES 256 based default function already goes a long way towards improving data security, while keeping things simple for the developer.  It may not be exactly what is needed in all cases, but anything is better than nothing.

OS could easily add a few database config parameters to allow the administrator to choose type & strength from a list of basic .NET encryption providers and enter the encyption keys as required by the chosen type (private key, public key, both).  This would probably be sufficient to cover the majority of cases and could be implemented using already available .NET libraries.

For the developer, extending the functionality to cover the special cases, should be as simple as 1) creating an OS extension that exposes the custom encyption logic via an encrypt & decrypt method and 2) changing the database configuration to use the new extension library instead of the built in library.

I'm not suggesting the feature should cover 100% use cases, but if it can help in 80% of the cases, it could be a very valuable feature to help reduce the risk of data leakage and demonstrate a higher level of compliance with data security best practices.

You are referring to .NET only, don't forget there is a JAVA stack as well.