When working in the financial services or health care industry, compliance regulations often require systems to store certain data values such as social security numbers, id numbers, or birth dates encrypted.  In the US, we also have several federal and state laws that require "personally identifyable information" to be stored encrypted.

It would be nice to be able to implement this scenario during development by simply specifying that a specific attribute (column) of an entity (table) should be stored encrypted and then have the platform automatically deal with the encryption/decryption during data storage and retrieval.

This would eliminate a lot of developer effort to make sure the data is properly encrypted or decrypted at all of the touch points in a system.

This comment was:
- originally posted on idea '"Store as encrypted" capability on entity attributes.' (created on 02 Mar 2013 by Izak Joubert)
- merged to idea '"Encrypt Data" property on an entity attribute' on 14 Mar 2019 13:32:36 by Jorge Martins

That would be a neat feature to have on the platform :)


This comment was:
- originally posted on idea '"Store as encrypted" capability on entity attributes.' (created on 02 Mar 2013 by Izak Joubert)
- merged to idea '"Encrypt Data" property on an entity attribute' on 14 Mar 2019 13:32:36 by Jorge Martins

It would be nice, but I suppose often on these cases the technical requirements specify the specific way the data is to be encrypted (algorithm, strength...). It's unlikely that this would cover all the cases.

This comment was:
- originally posted on idea '"Store as encrypted" capability on entity attributes.' (created on 02 Mar 2013 by Izak Joubert)
- merged to idea '"Encrypt Data" property on an entity attribute' on 14 Mar 2019 13:32:36 by Jorge Martins

I believe providing even a simple AES 256 based default function already goes a long way towards improving data security, while keeping things simple for the developer.  It may not be exactly what is needed in all cases, but anything is better than nothing.

OS could easily add a few database config parameters to allow the administrator to choose type & strength from a list of basic .NET encryption providers and enter the encyption keys as required by the chosen type (private key, public key, both).  This would probably be sufficient to cover the majority of cases and could be implemented using already available .NET libraries.

For the developer, extending the functionality to cover the special cases, should be as simple as 1) creating an OS extension that exposes the custom encyption logic via an encrypt & decrypt method and 2) changing the database configuration to use the new extension library instead of the built in library.

I'm not suggesting the feature should cover 100% use cases, but if it can help in 80% of the cases, it could be a very valuable feature to help reduce the risk of data leakage and demonstrate a higher level of compliance with data security best practices.



This comment was:
- originally posted on idea '"Store as encrypted" capability on entity attributes.' (created on 02 Mar 2013 by Izak Joubert)
- merged to idea '"Encrypt Data" property on an entity attribute' on 14 Mar 2019 13:32:36 by Jorge Martins