SQL Server Performance

A Matter of Trust

Discussion in 'EditorsBlog' started by shanetasker, Aug 26, 2008.

  1. shanetasker New Member

    Next week I am presenting two sessions at Tech.Ed New Zealand in Auckland and one session at Tech.Ed Australia in Sydney. One of the sessions I am presenting in New Zealand is a SQL Server 2008 Security Deep Dive. As a result, over the last week or two I have taken an in-depth look at the new Audit feature in SQL Server 2008. This is a feature that has been lacking from SQL Server and required the use of various techniques in order to ensure compliance with regulations such as HIPAA and SOX.
    Auditing is an interesting topic as it is primarily a mechanism that is designed to identify who is looking at and modifying data. In most organizations the database security is such that most users can only access data through an application interface and the functionality that is provided by the application. For example, if the application does not display the remuneration column in the employees table then users have no way to identify what their boss is being paid. But typically, Database Administrators are members of the sysadmin fixed server role, meaning that they control the SQL Server instance. Which begs the question—how do you ensure that you can trust your Database Administrator, especially if the role is provided by a third-party external to the organization?
    - Peter Ward
  2. BrentO New Member

    This one is so tricky. Even if you audit for every select statement done against the database, you still have to worry about your backup files. The DBA can just copy the backup file to his machine, restore it there, and run select statements there without being caught. One fix is application-level encryption: the app handles the encryption & decryption, and stores encrypted data in the database. That way the DBA will just select encrypted data. You still have to worry about the application-level security, though.
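The application-level encryption described in the reply above, as an added example that is not part of the thread or any poster's code: the application encrypts the remuneration value before it is stored, so the table and any backup of it hold only ciphertext. The key handling, the constructed `employees` rows and all function names are assumptions; binding each value to its table, column and row id goes beyond what the post describes.

```javascript
// Added example: application-level encryption of one column with AES-256-GCM.
const crypto = require('node:crypto');

// Assumption: in production the key lives in a key store the DBA cannot reach.
// It is generated here only so the example runs offline.
const KEY = crypto.randomBytes(32);

// Associated data ties a ciphertext to one table/column/row, so a value
// copied into another row fails authentication instead of decrypting.
function aad(table, column, id) {
  return Buffer.from(`${table}|${column}|${id}`, 'utf8');
}

function encryptField(key, table, column, id, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every stored value
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aad(table, column, id));
  const ct = Buffer.concat([c.update(String(plaintext), 'utf8'), c.final()]);
  // Stored form: iv (12 bytes) || tag (16 bytes) || ciphertext, as base64
  return Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64');
}

function decryptField(key, table, column, id, stored) {
  const raw = Buffer.from(stored, 'base64');
  const d = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  d.setAAD(aad(table, column, id));
  d.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
}

// Constructed stand-in for the employees table as the database
// (and any backup file) would hold it.
function buildEmployees(key) {
  return [
    { id: 1, name: 'boss', remuneration: encryptField(key, 'employees', 'remuneration', 1, '250000') },
    { id: 2, name: 'staff', remuneration: encryptField(key, 'employees', 'remuneration', 2, '60000') },
  ];
}

// Application read path: returns the plaintext, or null when the stored
// value does not authenticate (wrong key, altered bytes, or moved row).
function readRemuneration(key, row) {
  try {
    return decryptField(key, 'employees', 'remuneration', row.id, row.remuneration);
  } catch (e) {
    return null;
  }
}
```

The protection is only as strong as the separation between the key and the database: a key kept in a table or a config file on the same server is restored along with the backup.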
  3. Anonymous New Member

    Pingback from Bookmarks about Sql
