There are many factors that should be considered when selecting a middleware or integration tool. Reliability, latency, time to install and configure, maintenance, etc. . . . the list goes on and on; but when your data is critical, sensitive, or regulated, one of the most important factors to consider is security. If you are in the financial or health care industry having sensitive data secure is not only necessary, it’s legally required.
BizTalk provides all the necessary tools for an end to end secure transfer of your messages, it doesn’t matter if it’s EDI, HL7 or a proprietary format. Security always rely on the protocols and platforms you are using behind the scenes.
Basically we can split the message level security into three parts:
- The inbound message security
- The process level security
- The outbound message security
In this image taken from the Microsoft MSDN site you can clearly see this three levels.
When talking about security, BizTalk detractors typically point out what they think to be the weakest part of this diagram, the MessageBox. This betrays a lack of understanding of what the BizTalk MessageBox is, and how it works. For the purpose of this discussion, realize that the messagebox is simply another SQL server database, and therefore any security concerns about the messagebox are the same as for any other database.
Considerations to have a secure MessageBox?
The BizTalk Administration Console perspective
When you configure your BizTalk environment, you have to provide some groups and users permissions to perform different type of tasks.
So it’s important that you create those groups according to your enterprise security policies, and add to those groups ONLY the users that really need to be in each of them.
In this link you can find information related to the BizTalk groups and users, and which role they have in the BizTalk architecture. https://msdn.microsoft.com/en-us/library/aa577661.aspx
But what is important for your business is to know the difference between the BizTalk Administrators group and the BizTalk Operators group. It is the administrative roles that can configure, monitor, troubleshoot and track what’s is going on with your BizTalk instances.
“BizTalk Administrator” is a high privilege role and this is the role that has the possibility to track message instances and their content. On the other hand “BizTalk Operator” is a low privilege role that can monitor and can perform troubleshooting actions, but does not have access to any message content or properties.
The different levels of access allocated to these two groups allow security permissions the see the contents of the messagebox to be restricted to the fewest possible number of users (BizTalk Administrators) while a larger group still has the ability to monitor transactions and troubleshoot failures (BizTalk Operators)
This approach is compliant with relevant laws and regulatory frameworks, such as the Administrative Safeguards, and Technical Safeguards portions of the HIPAA Security Rule.
Secure your SQL Server
BizTalk Server limits access to its processes and databases by using minimum user rights; you can secure important data in the system by using features from Microsoft Windows® Server. This mean that it is very important to correctly set up the BizTalk Server Administrators Group and BizTalk host users in a way that they don’t have more user rights than the necessary to do their jobs.
You may be thinking that this is not the most secure scenario. What if someone gain access to my database? What if someone steal my drives or backups? Will they be able to retrieve the data?
Since BizTalk 2010 a SQL server feature called TDE (table data encryption) can be used to secure the database by encrypting the data in real time.
TDE can use either a symmetric or asymmetric key model, and you can choose to use AES or 3DES as the encrypting algorithms. The keys are secured by a certificate.
TDE is a SQL server feature that is transparent to the application, in this case BizTalk, so there’s no extra work that must be done in the BizTalk configuration to apply it.
So, if you want your data to be stored in a secured encrypted environment, what you just need to do is enable TDE in your SQL server at least for the MessageBox (BizTalkMsgBox) database, the tracking database (BizTalkDTADb) and your BAM tables if you are using the BAM portal.
Other important thing to take in consideration is that TDE encrypts data at the Page Level of the database (it’s encrypted on the disk and decrypted as it’s read to memory). This means that data is visible to database administrators. So you need to ensure that you have setup the correct permissions to the db owners and administrators for your BizTalk databases.
Finally you need to consider that this feature allow you to secure the data at the database level and not at the communication level. You need to use other approaches to encrypt your SQL server connections, such as IPSec or SSL.
Art2link has years of proven experience helping companies with strict security policies to setup their BizTalk environments with the right configuration to meet all their needs. Contact us for further information.