SQL Server 2016: The Data Protection Version

  • Comments posted to this topic are about the item SQL Server 2016: The Data Protection Version

  • Mr. Jones, I have a very basic question / thought: in doing a SQL based application, if I use "all" SQL encryption features, is there a Microsoft SQL back door that hackers are aware of that I do not know about to my database?

    Yes, this is intended to sound like the Apple vs FBI scenario.

    My point in saying things this way, I would like to say to a client as a feature on my "amazing" application is that 'I do not care if someone copies my database, they cannot decrypt it'.

    This can be a selling point of future applications as the focus on security encryption goes more viral and it becomes more important to companies that their data does not get published on the Inet, though they gave it to Company B to do some Report Analysis against the database.

    Thanks for your WoW (words of wisdom).

  • One thing: There is never a way to prevent encryption from being cracked. Period.

    The iPhone thing is slightly overblown, as the FBI could theoretically copy all the flash RAM and then spend all their time running brute force attacks. This case is because they don't want to do this.

    There are always brute force attacks, including in SQL Server.

    If you use TDE (2008+), then if someone copies your Db files, they are encrypted, but could be brute forced. Hence, choose good passwords (so this takes longer) and protect them. The idea, however, is that the information in the db would not be valuable by the time things are brute forced.

    If you use sym/asym encryption inside the db, there are similar risks, especially if you haven't layered this with TDE. However again, it takes time.

    With Always Encrypted, the keys are on the client, which reduces the attack vector from DBAs/devs/sysadmins if you manage them correctly, but you increase it as the certificates exist on other machines. Hopefully you can trust some clients, and they can't be social engineered.

    RLS and DDM have nothing to do here with security. They're conveniences for developers, really.

    This help?

  • Is the new Always Encrypted feature of SQL Server 2016 something only available in the Enterprise SKU of SQL Server?

    Kindest Regards, Rod

  • Rod at work (2/25/2016)


    Is the new Always Encrypted feature of SQL Server 2016 something only available in the Enterprise SKU of SQL Server?

    No idea. SKUs are not released.

  • Steve Jones - SSC Editor (2/25/2016)


    Rod at work (2/25/2016)


    Is the new Always Encrypted feature of SQL Server 2016 something only available in the Enterprise SKU of SQL Server?

    No idea. SKUs are not released.

    Experience tells me it will take a couple of major revisions and a lot of user requests for it to drop to the Standard Edition. I would love to be proven wrong.

    Gaz

    -- Stop your grinnin' and drop your linen...they're everywhere!!!

  • Steve Jones - SSC Editor (2/24/2016)


    The idea, however, is that the information in the db would not be valuable by the time things are brute forced.

    Interesting thought. Maybe that would be true if it took years.

  • Data Driven, announcing SQL 2016, going on now: https://www.microsoft.com/en-us/server-cloud/data-driven.aspx
