Frequently Asked Question

Is encryption available for Plato databases?
Last Updated 6 months ago

While early Plato versions offered document and column-level encryption, this was backed out in favour of encrypted connections via native driver in SQL Server 2005 and subsequent database encryption options from SQL Server 2008, or via encrypted Oracle DSN. The key point is that customers have full control over Plato SQL Connection strings that are themselves encrypted, so any of the prevailing vendor standards are available.

Often facilities have their own data encryption policies that can be enacted by infrastructure teams in the database and ODBC connection. Otherwise, there is increasing pressure to encrypt: for example, Microsoft's latest SQL Server ODBC Driver 18.0 now has Encrypted Connection set to Yes/Mandatory by default. Microsoft's explanation in 2022 was:

Similar to the HTTP to HTTPS default changes made in web browsers a few
years back (and the security reasons for them), we are changing the default
value of the ‘Encrypt’ connection option from ‘no’ to ‘yes’/‘mandatory’…
with the increased emphasis on secure-by-default, the growing use of cloud
databases, and the need to ensure connections are secure, it's time for this
backwards-compatibility-breaking change. We realize this will cause some
disruption, but letting clients try to connect without encryption by default
leaves them open to attack from malicious actors.

Plato Recommendation: Always Encrypted

Customers can utilize early standards like Encrypted Connection relatively easily, by deploying a database server SSL certificate and configuring for it: see https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-sql-server-encryption?view=sql-server-ver16

However, Plato apps can also use newer database encryption options, including the latest Always Encrypted feature, currently available in all versions of SQL Server 2016 and later. Always Encrypted doesn't only encrypt the connection; it secures data at every point beyond the Plato app, both in motion and at rest.

While this technology does require some special query considerations, Plato standardized on parameterized queries decades ago, which not only offers SQL injection protection for customers but is now also highly compatible with Always Encrypted. This would be Plato's recommendation unless customers have their own standard.
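
A connection-string check covering both points above: the ODBC Driver 18 change to the Encrypt default and the Always Encrypted recommendation. This is an added example, not Plato or Microsoft code; the server and database names are constructed placeholders, and Encrypt, TrustServerCertificate and ColumnEncryption are keywords of Microsoft's ODBC Driver for SQL Server.

```python
import re

def parse_odbc(conn_str):
    """Parse 'key=value;...' into a dict with lower-cased keys; {braced} values may hold ';'."""
    pairs = re.findall(r"\s*([^=;]+?)\s*=\s*(\{[^}]*\}|[^;]*)", conn_str)
    return {k.lower(): v.strip().strip("{}") for k, v in pairs}

def audit(conn_str):
    """Return (effective Encrypt value, list of findings) for one connection string."""
    kv = parse_odbc(conn_str)
    m = re.search(r"ODBC Driver (\d+)", kv.get("driver", ""), re.I)
    major = int(m.group(1)) if m else None
    findings = []
    if major is None:
        findings.append("driver version not identified; Encrypt default assumed 'no'")
    # Driver 18 flipped the default from no to yes; earlier drivers default to no.
    default = "yes" if major is not None and major >= 18 else "no"
    encrypt = kv.get("encrypt", default).lower()
    # Driver 18 accepts mandatory/optional as synonyms for yes/no.
    encrypt = {"mandatory": "yes", "optional": "no"}.get(encrypt, encrypt)
    if encrypt == "no":
        findings.append("encryption of the connection is not required")
    # Under Encrypt=strict the driver ignores TrustServerCertificate.
    if encrypt != "strict" and kv.get("trustservercertificate", "no").lower() == "yes":
        findings.append("server certificate is not validated")
    if kv.get("columnencryption", "disabled").lower() == "disabled":
        findings.append("Always Encrypted is not enabled for this client")
    return encrypt, findings

# Constructed sample strings (server and database names are placeholders).
BASE = "Server=db01.example.internal;Database=Plato;Trusted_Connection=yes;"
SAMPLES = {
    "driver17_defaults": "Driver={ODBC Driver 17 for SQL Server};" + BASE,
    "driver18_defaults": "Driver={ODBC Driver 18 for SQL Server};" + BASE,
    "driver18_trust_all": "Driver={ODBC Driver 18 for SQL Server};" + BASE
                          + "Encrypt=Mandatory;TrustServerCertificate=yes;ColumnEncryption=Enabled",
    "driver18_opt_out": "Driver={ODBC Driver 18 for SQL Server};" + BASE + "Encrypt=optional",
}

if __name__ == "__main__":
    for name, conn in SAMPLES.items():
        encrypt, findings = audit(conn)
        print(f"{name}: Encrypt={encrypt}")
        for f in findings:
            print(f"  - {f}")
```

The same unchanged connection string moves from unencrypted to encrypted when the driver is upgraded from 17 to 18, which is why the effective value, not just the keyword, is what gets reported.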
