Centura Encrypts Its Embedded Database
Centura Software Corp. (www.centurasoft.com) wants to ratchet up what it means to have a secure database.
The embedded database vendor recently released an upgrade to its core SQLBase product that encrypts data in the storage engine. Aiming for "end-to-end" security, Centura officials say SQLBase’s approach can provide encrypted files on the server, on the wire and on any devices working offline.
Scott Broomfield, Centura’s CEO, compares the model to the current idea of a secure database: securing the connection between the client and server and requiring password access to the data, stored in open text. Broomfield believes that model no longer works because many organizations don’t have full-time database administrators and because more organizations are distributing vital data to mobile or distributed users.
"We like this approach because embedded usually lies outside your firewall," Broomfield says. With SQLBase, a stolen laptop falling into a competitor’s hands is worthless. Without the password, the data remains encrypted. Plus password-cracking attempts are rebuffed through a delay mechanism. The server imposes increasingly longer delays in responding to users trying to break in via "trial and error" schemes.
Concerns about internal security are also addressed through Centura’s approach, which encrypts log files, backup files and replicated files as well. For example, an administrator can be given privileges to allocate file sizes and perform other administrative tasks on an application without being able to view the encrypted data. Two levels of check sums provide protection against unauthorized changes to data.
The company positions the product for developers creating applications for banking, insurance and other security-minded organizations. A developer can choose security at four levels: no encryption or cryptographic encryption with SQLBase 7.5 Standard, DES -- 56-bit -- encryption with SQLBase 7.5 SafeGarde or triple-DES -- 128-bit -- encryption with SQLBase 7.5 SafeGarde Max. The company received special permission from the U.S. government to export its 128-bit version. Pricing begins at $395 per user for SQLBase 7.5 Standard, with a 15 percent jump in price for SQLBase 7.5 SafeGarde and about double the price for SQLBase 7.5 SafeGarde Max.
"Usually about 10 percent of an application’s cost is the embedded database," Broomfield says. "A 15 percent uplift to our database is basically 1 percent of the [total] cost."
The higher encryption does have an additional cost: performance. Centura’s numbers show a system processing 37 transactions per second slows to 34 with the DES version and 24 with triple DES. But SQLBase 7.5 has more potential to grow than its predecessor, SQLBase 7.0. The earlier version had a 2 GB file size limit. SQLBase 7.5 scales up to 512 GB.
One big question, however, is whether there is demand for the level of security Centura provides. "My feeling is our timing is perfect," says Joseph Falcone, Centura’s chief technology officer. He says security violations have been publicly reported on the Internet, and Falcone suspects credit card fraud is more prevalent on the Internet than people believe.
E. Brian Kalita, senior analyst for databases and application development tools at Aberdeen Group (www.aberdeen.com), says the ease of security is a differentiator for Centura over other embedded databases, such as those from Progress Software Corp. (home.progress.com) or Pervasive Software Inc. (www.pervasive.com). "These are the first folks who have come in and said we have made security an absolute priority," Kalita says.
Centura’s product is well positioned to take off in sales should a major Internet database security crisis unfold and drive everyone into a security panic, Kalita says. "On the other hand, people who are installing new systems have an option here to take a look at this and say, ‘You know, this is a good idea. Our data needs to be protected from ourselves, as well as from the Internet and extranet,’" Kalita says.
Also last month, Centura disclosed a definitive agreement to acquire Seattle-based embedded database developer Raima Corp. (www.raima.com) for about $6 million. Centura’s SQLBase runs on Microsoft and Novell platforms. The acquisition would give Centura Unix and Linux capabilities with Raima’s Velocis Database Server and entry into the micro-database space with Raima Database Manager. Centura officials says they plan to continue all three product lines and bring their security features to the Raima products.