Protecting SQL Server Data

For as long as there has been something to communicate between two persons there has been data. Today, vast volumes of it are gathered about almost every individual and business. It is the information that we provide when we sign up for an account at our favorite website, fill out a job application, or apply for a mortgage. These valuable, often sensitive, data assets are stored in a SQL Server database, and entrusted to the Database Administrator, who must use every weapon and strategy at his or her disposal in the "war" to protect this sensitive data from would-be hackers, phishers, rumor mongers and identity thieves. Encryption is one of the primary weapons with which this battle can be won, and yet it is treated with trepidation by many, who fear that it will prove "just another way for data to be lost" or "an unjustifiable cost on performance". This book holds the key to "encryption without fear". In it, the author goes way beyond the usual demonstration of the SQL Server cryptographic functions. He explains how to assess and categorize data elements according to sensitivity, regulate access to the various categories of data using database roles, views and stored procedures, and then how to implement an efficient and secure data architecture using the available SQL encryption features, such as cell-level encryption, transparent data encryption and one-way encryption. At each stage the author covers not only how the features work, but also described the situations when they are and are not suitable, and at all times stresses the steps that must be taken to ensure that the solution is maintainable.