[Cialug] OT - SQL Server Encryption

Josh More jmore at starmind.org
Wed Jan 8 10:34:13 CST 2014


Fundamentally, the issue is one of choices.  With SQL Server, you get to
choose between SQL Authentication and Windows Authentication.  You get to
choose between symmetric and asymmetric encryption. You get to choose
between application-level and system-level encryption.  You get to choose
where to store your keys and this affects how the database starts up.  So
what you get is a bunch of people who only understand their little slice of
the system making decisions that can affect business-level issues like
performance, security and disaster recovery. On top of that, in true
Microsoft style, the documentation only exists in two flavors...HOWTOs that
only get you a little tiny piece of the way there, and robust
mega-documents that presume you already understand how your business works.

On top of that, there are SQL Server consultants who only understand
performance issues and security people (like me) who see how to do it, but
don't have direct access to the systems (for reasons of separation of
duties) and therefore can never claim to have "done" it in real life.

Basically, the entire ecosystem around this problem seems designed to
support the concept of "hire it done by someone else".  The problem is that
all the "someone elses" are in the same mess, so there are a lot of
poorly-understood bad implementations out there.  I'm trying to keep my
client from making the same mistake.

-Josh


On Mon, Jan 6, 2014 at 5:01 PM, Todd Walton <tdwalton at gmail.com> wrote:

> On Mon, Jan 6, 2014 at 9:37 AM, Josh More <jmore at starmind.org> wrote:
>
> > I am having a hell of a time finding anyone who has done any SQL Server
> > Encryption work through my usual channels, so please forgive me for going
> > off topic like this.
> >
>
> What considerations are there for encrypting SQL data?  Is it just a matter
> of knowing the technical how-to for whatever system you're using?  Or are
> there unique performance considerations to manage?  Also, I assume this
> would involve encrypting not the database on disk, but the data that's
> stored inside of the database, right?
>
> Just curious about how that world works.
>
> --
> Todd

