Solved

Hide data in MS SQL Server 2012 table

Posted on 2014-02-21
3
1,047 Views
Last Modified: 2014-02-21
Hello. I have a table in my SQL Server 2012 database that contains some sensitive data.  I have always just relied on the Windows Authentication to control who can access the data in the database. Someone mentioned to me that it was possible to encrypt the data in the table. I have never heard of this. Is this possible?
0
Comment
Question by:Lorrec
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 10

Accepted Solution

by:
PadawanDBA earned 250 total points
ID: 39878233
Encryption is a pretty in depth topic!  It is indeed possible and there are several ways to do it.  I would refer you to this article for exhaustive details on the various methods: http://technet.microsoft.com/en-us/library/bb510663.aspx.  My largest problem with using SQL Server's mechanisms for encryption are that there's very little lock/key separation.  I work in a PCI regulated environment where we have dedicated hardware encryption appliances that encrypt the data before it is ever persisted into our databases.  You can additionally create views atop the tables and really lock down access to the tables by only giving access to people on the views that don't reference your sensitive data at all as an additional layer of securing the access to it.
0
 
LVL 23

Assisted Solution

by:Michael74
Michael74 earned 250 total points
ID: 39878511
As noted by PadawaDBA this is very complex and involved subject.

If you would like to have a go in your test environment here are a couple of articles that can get you started

http://technet.microsoft.com/en-us/library/ms179331.aspx
http://blogs.msdn.com/b/lcris/archive/2005/06/09/simple-demo-for-how-to-encrypt-and-decrypt-a-table-column-in-sql-server-2005.aspx

Some questions you need to ask are

1/ What is the risk (impact and likelihood). For the effort involved is it really worth it? As noted above you could use views to further limit access

2/ How secure does it need to be? There are many methods with varying levels of security and levels of difficulty to implement, with the easiest often being the least secure

3/ Don't just look at the database if you have control of the system inputting the data it may be better to encrypt outside of the database

Michael
0
 

Author Closing Comment

by:Lorrec
ID: 39878781
Thank you for the information. This is what I needed.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
A Stored Procedure in Microsoft SQL Server is a powerful feature that it can be used to execute the Data Manipulation Language (DML) or Data Definition Language (DDL). Depending on business requirements, a single Stored Procedure can return differe…
Via a live example, show how to set up a backup for SQL Server using a Maintenance Plan and how to schedule the job into SQL Server Agent.
Viewers will learn how to use the SELECT statement in SQL to return specific rows and columns, with various degrees of sorting and limits in place.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question