data protection question
Posted Wednesday, May 12, 2010 6:27 AM
SQL 2005 Express SP3 32-bit, Windows 2003

Good day everyone,

The plan is to let a hosting company manage some SQL databases.
However we need to make sure that they will not be able to access data.
What do you think the best approaches would be?
My thoughts are: data (SQL Server) and backup (third party) encryption.

Even if they have SA level permissions, without decryption keys they shouldn’t be able to read or write to the encrypted tables or database?
Am I right?

Another choice would be to give them an access level where they will be able to manage DBs but not see the data.
Any thoughts or suggestions?



Post #920388
Posted Wednesday, May 12, 2010 6:36 AM


Where are you storing the encryption keys?


Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #920398
Posted Wednesday, May 12, 2010 6:48 AM
I'm thinking... it will be at the hosted site


Post #920409
Posted Wednesday, May 12, 2010 6:53 AM


Then anyone who has access to the hosted site has access to the keys and hence the data.

If you're using SQL column-level encryption then, unless you're encrypting by password, the keys are stored in the database and sysadmins have full permissions on those keys and hence to the encrypted data.

The only real way to prevent a sysadmin from accessing data is to encrypt it in the app and store the keys somewhere where the sysadmin has no permissions.



Gail Shaw

Post #920415
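
An added illustration of the approach in the reply above (not code from the thread or its participants): a Node.js example that encrypts a column value in the application with AES-256-GCM, so SQL Server only ever stores an opaque blob. The function names, the table/column context string and the key source are assumptions; the random key stands in for one loaded from a store the hosting company's sysadmins cannot read.

```javascript
const crypto = require('crypto');

const NONCE_LEN = 12; // 96-bit nonce, the standard size for GCM
const TAG_LEN = 16;   // 128-bit authentication tag

// Encrypt one column value inside the application, before it reaches SQL Server.
// rowContext (e.g. table.column:primaryKey) is authenticated but not stored, so a
// ciphertext copied into a different row fails to decrypt.
function encryptField(key, plaintext, rowContext) {
  const nonce = crypto.randomBytes(NONCE_LEN); // fresh random nonce per value
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(rowContext, 'utf8'));
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Blob for a varbinary column: nonce || tag || ciphertext
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Decrypt in the application; throws if the key, row context or any stored byte is wrong.
function decryptField(key, blob, rowContext) {
  if (blob.length < NONCE_LEN + TAG_LEN) throw new Error('ciphertext too short');
  const nonce = blob.subarray(0, NONCE_LEN);
  const tag = blob.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonce);
  decipher.setAAD(Buffer.from(rowContext, 'utf8'));
  decipher.setAuthTag(tag);
  const body = blob.subarray(NONCE_LEN + TAG_LEN);
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

function canDecrypt(key, blob, rowContext) {
  try { decryptField(key, blob, rowContext); return true; } catch (e) { return false; }
}

// Constructed sample run. The random key stands in for one loaded from a key store
// outside the hosted server (assumption); table and column names are hypothetical.
function demo() {
  const key = crypto.randomBytes(32);
  const ctx = 'dbo.Customers.Email:42';
  const stored = encryptField(key, 'alice@example.com', ctx);
  const tampered = Buffer.from(stored);
  tampered[tampered.length - 1] ^= 0x01; // simulate a modified stored byte
  return {
    roundTrip: decryptField(key, stored, ctx),
    plaintextInBlob: stored.includes('alice@example.com'),
    wrongKey: canDecrypt(crypto.randomBytes(32), stored, ctx),
    movedToOtherRow: canDecrypt(key, stored, 'dbo.Customers.Email:43'),
    tamperedBlob: canDecrypt(key, tampered, ctx),
  };
}

console.log(demo());
```

The database can still be backed up and restored as usual, since the column is just opaque bytes to SQL Server, but the server can no longer search or sort on the plaintext.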
Posted Wednesday, May 12, 2010 6:57 AM
Can you please elaborate on app encryption?
What about permissions so that they can do DB maintenance only?



Post #920423