Solved

Hide data in MS SQL Server 2012 table

Posted on 2014-02-21
3
1,009 Views
Last Modified: 2014-02-21
Hello. I have a table in my SQL Server 2012 database that contains some sensitive data.  I have always just relied on the Windows Authentication to control who can access the data in the database. Someone mentioned to me that it was possible to encrypt the data in the table. I have never heard of this. Is this possible?
0
Comment
Question by:Lorrec
3 Comments
 
LVL 10

Accepted Solution

by:
PadawanDBA earned 250 total points
ID: 39878233
Encryption is a pretty in depth topic!  It is indeed possible and there are several ways to do it.  I would refer you to this article for exhaustive details on the various methods: http://technet.microsoft.com/en-us/library/bb510663.aspx.  My largest problem with using SQL Server's mechanisms for encryption are that there's very little lock/key separation.  I work in a PCI regulated environment where we have dedicated hardware encryption appliances that encrypt the data before it is ever persisted into our databases.  You can additionally create views atop the tables and really lock down access to the tables by only giving access to people on the views that don't reference your sensitive data at all as an additional layer of securing the access to it.
0
 
LVL 23

Assisted Solution

by:Michael74
Michael74 earned 250 total points
ID: 39878511
As noted by PadawaDBA this is very complex and involved subject.

If you would like to have a go in your test environment here are a couple of articles that can get you started

http://technet.microsoft.com/en-us/library/ms179331.aspx
http://blogs.msdn.com/b/lcris/archive/2005/06/09/simple-demo-for-how-to-encrypt-and-decrypt-a-table-column-in-sql-server-2005.aspx

Some questions you need to ask are

1/ What is the risk (impact and likelihood). For the effort involved is it really worth it? As noted above you could use views to further limit access

2/ How secure does it need to be? There are many methods with varying levels of security and levels of difficulty to implement, with the easiest often being the least secure

3/ Don't just look at the database if you have control of the system inputting the data it may be better to encrypt outside of the database

Michael
0
 

Author Closing Comment

by:Lorrec
ID: 39878781
Thank you for the information. This is what I needed.
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Having an SQL database can be a big investment for a small company. Hardware, setup and of course, the price of software all add up to a big bill that some companies may not be able to absorb.  Luckily, there is a free version SQL Express, but does …
Let's review the features of new SQL Server 2012 (Denali CTP3). It listed as below: PERCENT_RANK(): PERCENT_RANK() function will returns the percentage value of rank of the values among its group. PERCENT_RANK() function value always in be…
Via a live example, show how to extract information from SQL Server on Database, Connection and Server properties
Viewers will learn how to use the SELECT statement in SQL and will be exposed to the many uses the SELECT statement has.

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question