We have an online employee management application which was built for us by a developer in LAMP - the developer is no longer working with us and we now have a requirement to secure a few fields in a table to make that content as secure as possible.
The fields are an employee date of birth, National Insurance Number /Social Security Number and their bank details (2 fields for this so 4 in total).
I feel we have done what we can to make the server itself secure - the application is hosted on a dedicated server which is managed for us to keep it up to date etc, we use SSL for all web communication and the login is as secure as we can make it but we are still paranoid about someone getting hold of the actual database itself and, therefore, getting access to this sensitive information.
As I understand it, it is possible to encrypt individual fields but how do we then protect the key, for example? I would assume that if someone has access to the server to be able to get a copy of the database then will also have access to the PHP code where the key would be visible in plain format?
Am I missing something? Is there a better way to protect sensitive information of this nature? For the application to be effective we need to store this information so how do we go about achieving belt and braces protection of the data?
Generate a random string that will be the key for you data encryption. All sensitive data will be encrypted with that string as key.
That key itself should be encrypted too, using the admin's login/password as key. Store the encrypted string with the admin's user data.
When the admin logs in, use his login data to decrypt your key, and then use the key to decrypt the sensitive data.
If there is more than one user with access to the sensitive data, simply use their login data to encrypt the key for them on store it with each of these user's other data. If one of these users changes his password, you only need to re-encrypt his copy of the key.