Factor Encrypted Data Requirements into your Disaster Recovery Plan

Backups are probably the first, most important thing a DBA can do for his company’s data. Without backups, any number of problems can cause data loss, and significant data loss can be devastating to a company. Of course, without testing those backups, they’re just bits on a disk, and may or may not be useful. Testing those backups regularly gives the DBA practice at restoring, so the steps are ingrained when they’re needed for a real recovery, and it ensures that the backups themselves are good.

Sensitive data in the databases, of course, needs to be encrypted, so that only authorized users have access to that data. We’ve seen too many cases of the wrong people getting access to personal information that leads to fraud and identity theft, so encrypting that data is also critical to a company’s success.

Testing restores of database backups, with encrypted data in the database, becomes a bit more complicated, and it’s important to remember a few things before attempting to restore from backups with encrypted data in SQL Server.

First, and this is really important, back up the service master key and database master key for each database which uses SQL Server encryption. It’s not hard – here are the steps:

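-- Back up the service master key (one per instance); the password protects the backup file
use master
GO
BACKUP SERVICE MASTER KEY TO FILE = 'C:\MyDirectory\ServerSMK.key' ENCRYPTION BY PASSWORD = 'UD58ss6r'
GO
-- Back up the database master key; repeat for each database that uses SQL Server encryption
use MyDatabase
GO
BACKUP MASTER KEY TO FILE = 'C:\MyDirectory\MyDatabaseMK.key'
ENCRYPTION BY PASSWORD = 'UD58ss6r'
GO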

Copy these files to somewhere safe, where you know you’ll be able to find them should you find you need to recover the data in these databases.
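
To make sure no database is missed when backing up keys "for each database which uses SQL Server encryption", the following added example (not part of the original post) lists every online database that has a database master key. The temp table `#dmk_inventory` and its column names are hypothetical; the catalog views it queries are standard SQL Server views.

```sql
-- Added example (not from the original post): inventory of database master keys.
-- #dmk_inventory and its column names are hypothetical, chosen for illustration.
SET NOCOUNT ON;

CREATE TABLE #dmk_inventory (
    database_name       sysname  NOT NULL,
    dmk_created         datetime NOT NULL,
    dmk_modified        datetime NOT NULL,
    encrypted_by_smk    bit      NOT NULL,  -- 1 = DMK is also protected by the service master key
    certs_under_dmk     int      NOT NULL,  -- certificates whose private key is protected by the DMK
    asym_keys_under_dmk int      NOT NULL,  -- asymmetric keys protected by the DMK
    symmetric_keys      int      NOT NULL   -- user symmetric keys in the database
);

DECLARE @db sysname, @sql nvarchar(max);

DECLARE db_cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM sys.databases WHERE state_desc = N'ONLINE';

OPEN db_cursor;
FETCH NEXT FROM db_cursor INTO @db;

WHILE @@FETCH_STATUS = 0
BEGIN
    -- Run the catalog query inside each database; QUOTENAME guards unusual database names.
    SET @sql = N'USE ' + QUOTENAME(@db) + N';
        INSERT INTO #dmk_inventory
        SELECT DB_NAME(), k.create_date, k.modify_date, d.is_master_key_encrypted_by_server,
               (SELECT COUNT(*) FROM sys.certificates    WHERE pvt_key_encryption_type = ''MK''),
               (SELECT COUNT(*) FROM sys.asymmetric_keys WHERE pvt_key_encryption_type = ''MK''),
               (SELECT COUNT(*) FROM sys.symmetric_keys  WHERE name NOT LIKE ''##MS[_]%'')
        FROM sys.symmetric_keys AS k
        JOIN sys.databases AS d ON d.database_id = DB_ID()
        WHERE k.name = ''##MS_DatabaseMasterKey##'';';
    EXEC sys.sp_executesql @sql;
    FETCH NEXT FROM db_cursor INTO @db;
END

CLOSE db_cursor;
DEALLOCATE db_cursor;

-- Every row is a database that needs its own BACKUP MASTER KEY file in the DR plan.
SELECT * FROM #dmk_inventory ORDER BY database_name;
DROP TABLE #dmk_inventory;
```

Run it with a login that can see metadata in every database (for example a sysadmin), since catalog views only return rows the caller is permitted to see.
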

Now, should you find that you need to recover the database, you can restore the database from backup, then issue the following commands to restore full access to the encrypted data:

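-- Restore the service master key from its backup file
use master
GO
RESTORE SERVICE MASTER KEY FROM FILE = 'C:\MyDirectory\ServerSMK.key' DECRYPTION BY PASSWORD = 'UD58ss6r'
GO
-- Restore the database master key: DECRYPTION BY PASSWORD opens the backup file,
-- ENCRYPTION BY PASSWORD sets the password that protects the key inside the database.
-- FORCE continues the restore even if the current master key is not open
-- or some private keys cannot be decrypted with it.
use MyDatabase
GO
RESTORE MASTER KEY FROM FILE = 'C:\MyDirectory\MyDatabaseMK.key'
DECRYPTION BY PASSWORD = 'UD58ss6r'
ENCRYPTION BY PASSWORD = 'ccH4QvQCp8Ry6nYSsVxZ5oU'
FORCE
GO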

Disaster recovery without testing doesn’t amount to much, so practicing this restore is a good exercise for many reasons.

About the Author

Microsoft SQL Server MVP and Practice Leader

Allen White

Allen White is an UpSearch Alum and Microsoft SQL Server MVP.  For over 30 years, Allen has specialized in developing applications that manage the movement of data and maximize data's usefulness. Allen excels at communicating highly technical information using language that results in increased client engagement and understanding, regardless of technical competency.

Allen has been working with relational database systems for over 20 years. He has architected database solutions in application areas like retail point-of-sale (POS), POS audit, loss prevention, logistics, school district information management, purchasing and asset inventory and runtime analytics. Allen thrives on providing comprehensive solutions to information management problems across a great variety of application environments.

About UpSearch

UpSearch is a leading Microsoft Gold Partner for organizations who rely on Microsoft’s Data Platforms, and its mission is to enable every leader to unlock data’s full potential.
