I have a general question about the effectiveness of encrypting column(s) in SQL.
So you have one or more columns that you have encrypted during the creation of a table. Prior to that, of course, you create the Master and Private Column Encryption keys.
The encryption and decryption take place in the .NET application that connects to the database. The Private Key created in the SQL database is exported and imported onto the machine running the .NET application.
My question is this:
What prohibits someone, a developer, with this certificate from creating their own .NET application to access the data in the encrypted columns of the database, if they have access to that database; for instance, a DBA? The whole idea is not only to encrypt the data from unauthorized access, but also to keep DBAs from viewing it as well.