Security Controls

  • I am working on a SQL Server consolidation project. There is a server that has Patient Health Information (PHI), of course very sensitive data. In dealing with PHI data there are certain restrictions/requirements. Depending on the data, it is sometimes required to be on its own network, etc. I am trying to find out the level of PHI sensitivity, but I'm also supposed to provide what kind of security controls will be implemented in SQL Server. This is where I am stumped. I have never been in an ultra-sensitive environment, so security was always easy. I'm not sure what all can be done. My thoughts are, make sure that no other db residing on that server has a user with sysadmin access, but what beyond that? Can someone give me some pointers?

  • With 2005/2008, you can encrypt sensitive data; 2008 gives you TDE. You can use certificates and assign them to certain logins/users for decryption, which gives you some control.

    DDL triggers and Trace can give you good auditing (xEvents in 2008).

    Not sure about what else you would need. Protecting from the DBA/sysadmin is hard.
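The certificate-based column encryption and DDL-trigger auditing mentioned in the reply above, shown in T-SQL as an added example that is not part of the original thread. The database, table, user, key and certificate names are hypothetical, and the password and sample value are placeholders.

```sql
-- Constructed example: all object names are hypothetical.
USE PatientDB;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-strong-password>';
CREATE CERTIFICATE PhiCert WITH SUBJECT = 'PHI column encryption';
CREATE SYMMETRIC KEY PhiKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE PhiCert;
GO
-- Only this user may open the key: it needs a permission on the key
-- and CONTROL on the certificate that protects it.
GRANT VIEW DEFINITION ON SYMMETRIC KEY::PhiKey TO ClinicalAppUser;
GRANT CONTROL ON CERTIFICATE::PhiCert TO ClinicalAppUser;
GO
CREATE TABLE dbo.Patient (
    PatientId INT IDENTITY(1,1) PRIMARY KEY,
    SsnEnc    VARBINARY(256) NOT NULL   -- ciphertext only, never plaintext
);
GO
-- Encrypt on write, decrypt on read (run as ClinicalAppUser).
OPEN SYMMETRIC KEY PhiKey DECRYPTION BY CERTIFICATE PhiCert;
INSERT INTO dbo.Patient (SsnEnc)
VALUES (EncryptByKey(Key_GUID('PhiKey'), N'000-00-0000'));  -- constructed value
SELECT PatientId,
       CONVERT(NVARCHAR(11), DecryptByKey(SsnEnc)) AS Ssn
FROM dbo.Patient;
CLOSE SYMMETRIC KEY PhiKey;
GO
-- Audit table plus a database-scoped DDL trigger that records who changed what.
CREATE TABLE dbo.DdlAudit (
    EventTime DATETIME NOT NULL DEFAULT GETDATE(),
    LoginName SYSNAME  NOT NULL,
    EventInfo XML      NOT NULL
);
GO
CREATE TRIGGER trg_AuditDdl ON DATABASE
FOR DDL_DATABASE_LEVEL_EVENTS
AS
BEGIN
    SET NOCOUNT ON;
    -- The trigger runs as the caller, so DDL-capable principals need INSERT here.
    INSERT INTO dbo.DdlAudit (LoginName, EventInfo)
    VALUES (ORIGINAL_LOGIN(), EVENTDATA());
END;
GO
```

Because the database master key is also protected by the service master key by default, a sysadmin can still open PhiKey, which is the limitation the reply notes.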

  • That's a great start. Thank you!
