[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Hide data in MS SQL Server 2012 table

Posted on 2014-02-21
3
Medium Priority
?
1,130 Views
Last Modified: 2014-02-21
Hello. I have a table in my SQL Server 2012 database that contains some sensitive data.  I have always just relied on the Windows Authentication to control who can access the data in the database. Someone mentioned to me that it was possible to encrypt the data in the table. I have never heard of this. Is this possible?
0
Comment
Question by:Lorrec
3 Comments
 
LVL 10

Accepted Solution

by:
PadawanDBA earned 1000 total points
ID: 39878233
Encryption is a pretty in depth topic!  It is indeed possible and there are several ways to do it.  I would refer you to this article for exhaustive details on the various methods: http://technet.microsoft.com/en-us/library/bb510663.aspx.  My largest problem with using SQL Server's mechanisms for encryption are that there's very little lock/key separation.  I work in a PCI regulated environment where we have dedicated hardware encryption appliances that encrypt the data before it is ever persisted into our databases.  You can additionally create views atop the tables and really lock down access to the tables by only giving access to people on the views that don't reference your sensitive data at all as an additional layer of securing the access to it.
0
 
LVL 23

Assisted Solution

by:Michael Fowler
Michael Fowler earned 1000 total points
ID: 39878511
As noted by PadawaDBA this is very complex and involved subject.

If you would like to have a go in your test environment here are a couple of articles that can get you started

http://technet.microsoft.com/en-us/library/ms179331.aspx
http://blogs.msdn.com/b/lcris/archive/2005/06/09/simple-demo-for-how-to-encrypt-and-decrypt-a-table-column-in-sql-server-2005.aspx

Some questions you need to ask are

1/ What is the risk (impact and likelihood). For the effort involved is it really worth it? As noted above you could use views to further limit access

2/ How secure does it need to be? There are many methods with varying levels of security and levels of difficulty to implement, with the easiest often being the least secure

3/ Don't just look at the database if you have control of the system inputting the data it may be better to encrypt outside of the database

Michael
0
 

Author Closing Comment

by:Lorrec
ID: 39878781
Thank you for the information. This is what I needed.
0

Featured Post

Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An alternative to the "For XML" way of pivoting and concatenating result sets into strings, and an easy introduction to "common table expressions" (CTEs). Being someone who is always looking for alternatives to "work your data", I came across this …
This shares a stored procedure to retrieve permissions for a given user on the current database or across all databases on a server.
Familiarize people with the process of utilizing SQL Server functions from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Ac…
Viewers will learn how the fundamental information of how to create a table.
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question