We Are Not Alone – Protecting Your Data From Alien Data Probes

They walk among us, blending in perfectly, impossible to distinguish from normal humans.  Nobody knows where they came from or what their mission is.  Never staying in one place for long, they roam from one company to the next, looking for ways to gain access to your sensitive data.  We sometimes call them “The Auditors”, and their strange language, consisting of words like “PCI”, “HIPAA”, “SOX”, or “PII”, is known as “audit speak”.  Few understand it, which makes interacting with them difficult, but their goal is clear – to find ways to get your data.

Fortunately for you, the DBA, there are tools available to help you.  First and foremost among those tools is encryption.  Using third-party products, or even out-of-the-box features, you can effectively protect your SQL Server data and send The Auditors away in search of an easier target.  Encryption can be a confounding topic, but I hope that by the end of this blog series, you (and I) have a better understanding of what it is, how it works, and what options are out there for you to take advantage of.  This first post will be light on details, but it’s going to serve as my commitment to write more and to continue the series.

I’ll start by highlighting the three “current” flavors of SQL Server and the encryption options available for them.  I’m not promising anything on SQL Server 2012, but I might get around to installing it and experimenting.  Let’s begin:

SQL Server 2000

  • no built-in encryption capabilities
  • third-party options for whole-database encryption
  • third-party options for column-level encryption
  • third-party options for backup encryption

SQL Server 2005

  • built-in support for column-level encryption
  • third-party options for whole-database encryption
  • third-party options for column-level encryption
  • third-party options for backup encryption

SQL Server 2008

  • built-in support for column-level encryption
  • built-in support for whole-database encryption
  • built-in support for backup encryption

Notice that I list column-level, whole-database, and backup encryption separately.  Each of these serves a very different purpose, is implemented differently, and has its own unique set of pros and cons.  We’ll talk about all of them, and how they can help you send The Auditors on their way.