Enabling Encryption in SQL 2008 but preventing DBA's/System Admin role from viewing encrypted data

  • We are looking to move away from a third party encryption program and use native SQL 2008 encryption in a couple of our database servers.

    The current ones run SQL 2000 and the way encryption works is any reads/writes to an encrypted column go through the third party .dll attached to the encryption algorithms, and authenticating against a remote appliance that has permissions granted to specific users. This means that even though I am a system admin with full privileges, I do not have authority to see encrypted data because I have not been assigned to an encryption/decryption role.

    For SQL 2008 Enterprise, once I set up the encryption for a column with appropriate keys, I understand that as a system administrator, I would still be able to see the encrypted data because of my admin level. Is this correct or can it be done in a way to avoid this and keep us PCI compliant as well?

    Thanks.

    Gaby

    "In theory, theory and practice are the same. In practice, they are not." - Albert Einstein

  • Sysadmins will still see everything. However, you can set up fine-grained audit to collect who read what from the sensitive database, stating that for all of the X persons you'd like to collect their access to the CardNo column in the Accounts table. Saving this audit log and reviewing it occasionally enables you to meet the PCI criteria (hell of a paperwork...).
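    The key hierarchy the question describes and the audit the reply recommends, written out as an added T-SQL example (this is not code from the thread): the database name PaymentsDb, the audit file path, the key and certificate names and the Accounts table layout are assumptions, and the card number is a constructed test value. The audit specification is object-level because SQL Server Audit has no column granularity; which columns a statement touched is visible in the recorded statement text.

```sql
-- Added example, not from the thread. Names, paths and the sample PAN are
-- assumptions / constructed values.
USE master;
GO
-- Server-level audit. The file path is a placeholder; in practice it is a
-- share the DBA team cannot write to. ON_FAILURE = SHUTDOWN fails closed so
-- no read of the sensitive table goes unrecorded.
CREATE SERVER AUDIT PciCardAudit
    TO FILE ( FILEPATH = N'\\auditserver\sqlaudit\' )
    WITH ( ON_FAILURE = SHUTDOWN );
GO
ALTER SERVER AUDIT PciCardAudit WITH ( STATE = ON );
GO
-- Record anyone altering the audit itself or changing server role membership,
-- so a sysadmin switching auditing off leaves a trace.
CREATE SERVER AUDIT SPECIFICATION PciAuditTamper
    FOR SERVER AUDIT PciCardAudit
    ADD ( AUDIT_CHANGE_GROUP ),
    ADD ( SERVER_ROLE_MEMBER_CHANGE_GROUP )
    WITH ( STATE = ON );
GO

USE PaymentsDb;   -- assumed database
GO
-- Key hierarchy: database master key -> certificate -> symmetric key.
-- Anyone with CONTROL on the certificate (db_owner, sysadmin) can open the
-- key, which is why encryption alone does not hide the column from a DBA.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = N'<replace-with-strong-password>';
CREATE CERTIFICATE CardCert WITH SUBJECT = N'Card number column protection';
CREATE SYMMETRIC KEY CardKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CardCert;
GO

CREATE TABLE dbo.Accounts (
    AccountId INT IDENTITY PRIMARY KEY,
    CardNo    VARBINARY(256) NOT NULL   -- ciphertext only, never plaintext
);
GO

-- Write path: encrypt on the way in (constructed test PAN).
OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;
INSERT INTO dbo.Accounts (CardNo)
VALUES (EncryptByKey(Key_GUID('CardKey'), N'4111111111111111'));
CLOSE SYMMETRIC KEY CardKey;
GO

-- Read path: decrypt on the way out. Every SELECT on this table is what the
-- audit specification below records.
OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;
SELECT AccountId,
       CONVERT(NVARCHAR(20), DecryptByKey(CardNo)) AS CardNo
FROM dbo.Accounts;
CLOSE SYMMETRIC KEY CardKey;
GO

-- Database-level audit: log every SELECT against dbo.Accounts by any
-- principal. Replace "public" with named database users to limit it to the
-- people on the access list.
CREATE DATABASE AUDIT SPECIFICATION PciCardReads
    FOR SERVER AUDIT PciCardAudit
    ADD ( SELECT ON OBJECT::dbo.Accounts BY public )
    WITH ( STATE = ON );
GO

-- Periodic review: who read the table, when, and with which statement.
SELECT event_time,
       server_principal_name,
       database_principal_name,
       object_name,
       statement
FROM sys.fn_get_audit_file(N'\\auditserver\sqlaudit\*', DEFAULT, DEFAULT)
WHERE object_name = N'Accounts'
ORDER BY event_time;
GO
```

    The last query is the report to keep for the PCI reviewer; because the audit records the statement text, it shows whether a read touched CardNo or only other columns.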

  • really? I was under the impression that PCI meant I couldn't see the data at all during routine maintenance...Hmm...this could make things interesting.

    Gaby

    "In theory, theory and practice are the same. In practice, they are not." - Albert Einstein

  • Interesting topic!

    So let's rephrase this question or maybe extend it a little.

    You have encryption which allows you to fully 'protect' your sensitive data stored inside your fine sql server database. Now no other user(s) with local admin rights can get to your data files. (Let's just assume it for the sake of this experiment).... How would you protect your sql server from 'local admins' on the same server... to gain 'system administrator' rights on that sql server?

    any takers?

    Basically what you want to do is to even 'lock out' your sql server into only one windows or sql native sa account, if you know what I mean...

    salute,

    ~Leon
