• Miles Neale (11/12/2014)


    Gary Varga (11/10/2014)


    A good point, however, a company selling a product based (in part) on SQL Server Express should not want to rely on their client encrypting their disk.

    But if the issue is legal liability, the vendor, Microsoft in this case, would supply the tools and some advice and be on their way. To do more would be for them to potentially assume some liability for the actions of the client. In general this is something they avoid.

    I agree with you that it would be nice if they were able to make the client encrypt, but Microsoft Legal would not let them do that.

    M.

    I agree that Microsoft is in the clear. They are whether they supply TDE or not. The vendor of the product that has an unencrypted SQL Server Express may attempt to push the responsibility onto the client, e.g. by suggesting that the client could/should have used disk encryption tools. The client might be able to argue that the product that utilises SQL Server Express is inherently insecure and, given a scenario where the product's data would be known to be sensitive, the vendor is responsible and the product unfit for purpose.

    Gaz

    -- Stop your grinnin' and drop your linen...they're everywhere!!!