A client has recently revisited their need to protect sensitive data in their
application and the database that it connects to. As a DBA it is easy to focus
solely on the database, but as I was considering their infrastructure and all
the parts of their system, it became clear that that was a small piece of the
puzzle. In terms of protecting data for an entire IT solution, there are quite a
few other areas to consider. In this and a few subsequent posts I will discuss
what options there are in securing data. I will attempt to touch on the major
advantages and disadvantages of those options. Obviously, as I'm not a network
or systems admin, I will only touch on the concepts to consider that are beyond
the scope of securing the database.

First I will cover what I know best: SQL Server. There are 2 main encryption
methods serving different purposes:
- Transparent Database Encryption (TDE) - available for SQL Server 2005+
- Cell-level encryption