Fields Encryption Enhancements

In addition to upgrading the Blowfish encryption in Release 7.11, please consider the following enhancements:

  1. Encrypted Field Naming Conventions

Identify Encrypt Field Types by a naming convention in STUDIO (e.g. “social_security_number_c” becomes “social_security_number_c_encrypt”).

  2. Encrypted Data-at-Rest Search (EncryptSrchIndex)

For “Encrypt” Field Types, automatically create and maintain an “encryptsrchindex” Search Field (aka “BlindIndex”), either as a separate “_cstm” column or as a column in a new table (e.g. “_srch” or “_hash”). The “encryptsrchindex” field would consist of Bloom filter indexes derived from a truncated keyed hash function (or key stretching algorithm). This functionality allows fast SELECT queries on secure data-at-rest, as opposed to building ad hoc memcached search arrays for Encrypted Fields. The related Encrypted Field Naming could be “social_security_number_c_srch”. This must include “salt management” for the EncryptSrchIndex Algorithm.
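A sketch of the exact-match case of such a blind index, added here as an illustration and not taken from the product's code: a truncated HMAC-SHA256 stored in a side table and queried with a plain SELECT. The table name `contacts_srch`, the function names, the demo key and the sample values are assumptions, and the Bloom filter variant is not covered.

```python
import hashlib
import hmac
import sqlite3

# Constructed demo key. A real index key is random, kept apart from the
# field-encryption key, and never stored beside the data it indexes.
INDEX_KEY = bytes(range(32))
INDEX_BYTES = 8  # truncation length: shorter leaks less but collides more

def normalize_digits(value: str) -> str:
    """Canonical form so '123-45-6789' and '123 45 6789' index identically."""
    return "".join(ch for ch in value if ch.isdigit())

def blind_index(field: str, value: str, key: bytes = INDEX_KEY) -> str:
    """Truncated HMAC-SHA256 over field name + NUL + value, so the same
    value stored in two different fields does not share an index."""
    msg = field.encode() + b"\x00" + normalize_digits(value).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()[:INDEX_BYTES].hex()

def open_srch_table() -> sqlite3.Connection:
    """Hypothetical '_srch' side table: record id, field name, blind index."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE contacts_srch (record_id TEXT, field TEXT, idx TEXT)")
    db.execute("CREATE INDEX contacts_srch_lookup ON contacts_srch (field, idx)")
    return db

def store(db, record_id, field, value):
    db.execute("INSERT INTO contacts_srch VALUES (?, ?, ?)",
               (record_id, field, blind_index(field, value)))

def find_candidates(db, field, value):
    """Record ids whose index matches the search term. Truncation allows
    collisions, so the caller decrypts candidates and compares plaintext."""
    rows = db.execute(
        "SELECT record_id FROM contacts_srch WHERE field = ? AND idx = ? "
        "ORDER BY record_id", (field, blind_index(field, value)))
    return [r[0] for r in rows]

def demo():
    db = open_srch_table()
    field = "social_security_number_c"
    # Constructed sample records (placeholder SSNs, not real data)
    store(db, "rec-1", field, "123-45-6789")
    store(db, "rec-2", field, "987-65-4320")
    store(db, "rec-3", field, "123 45 6789")
    return find_candidates(db, field, "123456789")

if __name__ == "__main__":
    print(demo())
```

Rotating the index key means recomputing every stored index, which is one reason to keep it separate from the encryption key.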

  3. Advanced Key Management Support

In addition to the embedded key management required for the Encrypt Field Type, allow the option to use remote key management (e.g. AWS Key Management Service) to improve platform security.