SSC-Enthusiastic
SQL 2005 Express SP3 32-bit, Windows 2003
Good day everyone,
The plan is to let a hosting company manage some SQL databases. However, we need to make sure that they will not be able to access the data. What do you think the best approaches would be? My thoughts are: data (SQL Server) and backup (third party) encryption.
Even if they have SA level permissions, without decryption keys they shouldn't be able to read or write to the encrypted tables or database? Am I right?
Another choice would be to give them an access level where they will be able to manage DBs but not see the data. Any thoughts or suggestions?

SSC-Dedicated
Where are you storing the encryption keys?
Gail Shaw Microsoft Certified Master: SQL Server 2008, MVP SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
We walk in the dark places no others will enter We stand on the bridge and no one may pass

SSC-Enthusiastic
I'm thinking... it will be at the hosted site

SSC-Dedicated
Then anyone who has access to the hosted site has access to the keys and hence the data.
If you're using SQL column-level encryption then, unless you're encrypting by password, the keys are stored in the database and sysadmins have full permissions on those keys and hence to the encrypted data.
The only real way to prevent a sysadmin from accessing data is to encrypt it in the app and store the keys somewhere where the sysadmin has no permissions.
Gail Shaw Microsoft Certified Master: SQL Server 2008, MVP SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
We walk in the dark places no others will enter We stand on the bridge and no one may pass
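
Added example, not part of the original thread or written by any of its posters: T-SQL illustrating the distinction in the post above between a column-encryption key whose protection is stored in the database and one protected only by a password. All object names are hypothetical and the passwords are placeholders; run it in a scratch database.

```sql
-- Constructed demo objects; names and passwords are placeholders.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-DMK-password>';
CREATE CERTIFICATE DemoCert WITH SUBJECT = 'Demo key-protection certificate';

-- Key A: protected by a certificate whose private key is protected by the
-- database master key. Everything needed to open it is stored server-side.
CREATE SYMMETRIC KEY KeyInDb
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE DemoCert;

-- Key B: protected only by a password that is not stored on the server.
CREATE SYMMETRIC KEY KeyByPassword
    WITH ALGORITHM = AES_256
    ENCRYPTION BY PASSWORD = '<placeholder-app-held-password>';

CREATE TABLE dbo.DemoSecrets (
    Id      int IDENTITY PRIMARY KEY,
    ViaCert varbinary(256),
    ViaPwd  varbinary(256)
);

-- The application session opens both keys and writes one constructed value.
OPEN SYMMETRIC KEY KeyInDb DECRYPTION BY CERTIFICATE DemoCert;
OPEN SYMMETRIC KEY KeyByPassword
    DECRYPTION BY PASSWORD = '<placeholder-app-held-password>';
INSERT INTO dbo.DemoSecrets (ViaCert, ViaPwd)
VALUES (EncryptByKey(Key_GUID('KeyInDb'),       N'constructed sample value'),
        EncryptByKey(Key_GUID('KeyByPassword'), N'constructed sample value'));
CLOSE ALL SYMMETRIC KEYS;

-- A sysadmin session that does not know the app-held password:
-- Key A opens with no secret supplied, Key B stays closed.
OPEN SYMMETRIC KEY KeyInDb DECRYPTION BY CERTIFICATE DemoCert;
SELECT CONVERT(nvarchar(100), DecryptByKey(ViaCert)) AS ViaCertPlain, -- plaintext
       CONVERT(nvarchar(100), DecryptByKey(ViaPwd))  AS ViaPwdPlain   -- NULL, key not open
FROM dbo.DemoSecrets;
CLOSE ALL SYMMETRIC KEYS;
```

Even with the password-protected key, the application sends the password to the server in `OPEN SYMMETRIC KEY` and decryption happens inside the server process, which is why the post goes on to recommend encrypting in the application.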

SSC-Enthusiastic
Can you please elaborate on app encryption? What about permissions so that they can do DB maintenance only?