[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1154
  • Last Modified:

Hide data in MS SQL Server 2012 table

Hello. I have a table in my SQL Server 2012 database that contains some sensitive data.  I have always just relied on the Windows Authentication to control who can access the data in the database. Someone mentioned to me that it was possible to encrypt the data in the table. I have never heard of this. Is this possible?
0
Lorrec
Asked:
Lorrec
2 Solutions
 
PadawanDBAOperational DBACommented:
Encryption is a pretty in depth topic!  It is indeed possible and there are several ways to do it.  I would refer you to this article for exhaustive details on the various methods: http://technet.microsoft.com/en-us/library/bb510663.aspx.  My largest problem with using SQL Server's mechanisms for encryption are that there's very little lock/key separation.  I work in a PCI regulated environment where we have dedicated hardware encryption appliances that encrypt the data before it is ever persisted into our databases.  You can additionally create views atop the tables and really lock down access to the tables by only giving access to people on the views that don't reference your sensitive data at all as an additional layer of securing the access to it.
0
 
Michael FowlerSolutions ConsultantCommented:
As noted by PadawaDBA this is very complex and involved subject.

If you would like to have a go in your test environment here are a couple of articles that can get you started

http://technet.microsoft.com/en-us/library/ms179331.aspx
http://blogs.msdn.com/b/lcris/archive/2005/06/09/simple-demo-for-how-to-encrypt-and-decrypt-a-table-column-in-sql-server-2005.aspx

Some questions you need to ask are

1/ What is the risk (impact and likelihood). For the effort involved is it really worth it? As noted above you could use views to further limit access

2/ How secure does it need to be? There are many methods with varying levels of security and levels of difficulty to implement, with the easiest often being the least secure

3/ Don't just look at the database if you have control of the system inputting the data it may be better to encrypt outside of the database

Michael
0
 
LorrecAuthor Commented:
Thank you for the information. This is what I needed.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now