Overview

Background

An “Encryption of Data at Rest” report was produced by PwC. Within the content, a number of recommendations were made.

The primary recommendation was that the University should continue to progress with the Oracle Advanced Security solution. It was agreed that this supported the intended development of the Enterprise Data Warehouse (EDW) and that a project should be initiated to progress.

 

Scope

At a high level, the scope of this project is to undertake:

  •     A review of the outcomes from project DTI021 EDW – Embed & Optimise and  complete any outstanding tasks relating to the Oracle Advanced Security solution and Transparent Data Encryption (TDE).
  •     Agree a satisfactory solution for key management which does not compromise the security of the TDE solution.
  •     Implementation of TDE across the EDW.

 

The project DTI021 will:

  • Create a 2nd staging/foundation database in EDW dev environment (CDTDED/TDEDEV).
  • Enable table-space encryption on this database with the AES256 algorithm (the default is AES128).
  • Set up encryption keys on the server (software key-store, not auto-login).
  • Re-point the Extract-Transformation-Load (ETL) code to go via the new encrypted database.
  • Compare the ETL code running on the encrypted database against code running on the standard staging/foundation database to review performance.

 

At a more detailed level, the scope of this project is to undertake:

  • Review the outcome from DTI021 investigation.
  • Make a decision on the encryption algorithm (this could affect performance and affect the complexity of table-space creation).
  • Determine the encryption key to be used (password, auto-login, local auto-login).
  • Key-store type, location and management to be reviewed (software/hardware, separate infrastructure, key-store VM, security).
  • Risks of TDE implementation to be reviewed alongside requirements and benefits (mainly around security of key-store, added complexity for admin of db, encryption cannot easily be removed once implemented, if the password is lost)
  • Undertake performance testing.
  • Determine the procedures and test standard administration  tasks (backup/recovery, exports, key-store password change, creating new encrypted table-spaces). 

 

Objectives

 

The initial objective is to understand what work has already been undertaken in terms of prior preparation, what tasks have yet to be fulfilled and who as resource are available and skilled to complete.

The second objective focuses on execution and delivery of the security solution, including security key management.

Deliverables

 

Objectives and Deliverables Priority Owner
O.1   Understanding of technical requirements    

D1.1 Work identified and to be carried forward from DTI021 project

Must Development Technology
D2.1 Trial environment has been set-up and is available for use Should Development Technology
O.2   Progression of encryption at rest solution    
D2.1 The encryption algorithm to be used, the encryption key and where it is to be securely stored Must Development Technology
D2.2 A review of the implementation plan, risks, requirements and delivery benefits Must Development Technology

D3.3 Performance testing  (agreement would need to be reached that the results from DTI021 are satisfactory)  

Should Development Technology
D3.4 Implementation  Must Development Technology/Technology Management
O.3   Project documentation will be maintained for future use    
D3.1 Essential go-live documentation has been written and maintenance administration proven Must Development Technology
D3.2 Supplementary supporting documentation has been written and maintenance administration proven    Should Development Technology
D3.3 Instructions have been shared with Production Management Must  Development Technology/Technology Management
O.4  Document all completed/outstanding work at project end    
D4.1 Produce a project closure report Must Project Manager

 

Benefits

 

The safe guard of both present and future data that is/will be contained in the Enterprise Data Warehouse.

Success Criteria

A working advanced security solution in the Enterprise Data Warehouse.

Project Milestones

 

Initiate       Initiate  29-Apr-2019
Plan Planning Sign-off 24-May-2019
Build Deployment to Development Environment       01-Jul-2019
Build Deployment to Test Environment 08-Jul-2019
Accept Test Completion Sign-off 12-Jul-2019
Deliver Deployment Go-live Sign-off 30-Jul-2019
Deliver DSOR Sign-off 31-Jul-2019
Close Project Closure 02-Aug-2019

 

Project Info

Project
Protecting Data in the Enterprise Data Warehouse (EDW)
Code
INF145
Programme
ISG - IS Applications Infrastructure (INF)
Management Office
ISG PMO
Project Manager
Kevin Hone
Project Sponsor
Stefan Kaempf
Current Stage
Close
Status
Closed
Project Classification
Transform
Start Date
29-Apr-2019
Planning Date
24-May-2019
Delivery Date
01-Aug-2019
Close Date
09-Aug-2019
Overall Priority
Normal
Category
Discretionary

Documentation

Plan