High-powered computers and cheap storage have made it possible for businesses to store unprecedented amounts of personal data about their customers. As a result, there has been a big push to secure this confidential information. If your organization falls under the scope of the various regulations and data privacy laws, like the Health Insurance Portability and Accountability Act (HIPAA) or the Securities and Exchange Commission’s Fair and Accurate Credit Transactions Act (FACTA), you’ll be pleased to know that SQL Server 2008 includes several Transact-SQL (T-SQL) extensions and built-in functions to make securing personal data in the database easier than ever.
• The SQL Server encryption model, including the SQL Server encryption hierarchy and the newly introduced concepts of server certificates and database encryption keys
• Transparent data encryption, which allows you to transparently encrypt an entire database at once without affecting front-end and middle-tier applications
• Extensible Key Management (EKM), which allows you to use third-party hardware security modules (HSMs) to manage enterprise encryption keys externally
• Symmetric and asymmetric encryption functions
• Generation of one-way hashes and use of certificates to digitally sign your data
• Use of security catalog views to access security metadata
• Efficiency when querying encrypted data
SQL Server encryption is only a small part of your overall security strategy. Database-level encryption protects your data “at rest,” and is your last line of defense in a total strategy. When developing your total security strategy, you should consider several factors, including physical security, database permissions, security “over the wire,” and client computer and application security. A lot of confusion is caused by people who think that encrypting data at rest on their server is a complete security strategy. Be sure to consider all the different pieces of the puzzle, and don’t assume that database-level encryption alone is a replacement for a complete security strategy.
Source of Information : Apress Accelerated SQL Server 2008
• The SQL Server encryption model, including the SQL Server encryption hierarchy and the newly introduced concepts of server certificates and database encryption keys
• Transparent data encryption, which allows you to transparently encrypt an entire database at once without affecting front-end and middle-tier applications
• Extensible Key Management (EKM), which allows you to use third-party hardware security modules (HSMs) to manage enterprise encryption keys externally
• Symmetric and asymmetric encryption functions
• Generation of one-way hashes and use of certificates to digitally sign your data
• Use of security catalog views to access security metadata
• Efficiency when querying encrypted data
SQL Server encryption is only a small part of your overall security strategy. Database-level encryption protects your data “at rest,” and is your last line of defense in a total strategy. When developing your total security strategy, you should consider several factors, including physical security, database permissions, security “over the wire,” and client computer and application security. A lot of confusion is caused by people who think that encrypting data at rest on their server is a complete security strategy. Be sure to consider all the different pieces of the puzzle, and don’t assume that database-level encryption alone is a replacement for a complete security strategy.
Source of Information : Apress Accelerated SQL Server 2008
|
|
0 comments
Post a Comment