SQL Clone
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in

A Fundamental Security Mistake

By Steve Jones,

This editorial was originally published on Dec 9, 2009. It is being re-published as Steve is away at the PASS Summit.

Why doesn't the Express Edition of SQL Server allow for Transparent Data Encryption (TDE)?

If Microsoft is serious about helping clients secure data, this is one feature that should be deployed across all editions. I could even argue that it's more important to have this on Express than Enterprise. After all many of the data loss issues reported in recent years have come because of missing laptops, which often contain data from databases.

I realize that many people don't usually use Express to work with data, preferring another tool like Excel, but we could look to rectify that. We could store the data in an Express edition instance and set up queries against the local database from Excel. And in the places where Express is being used, this would instantly make the data on laptops more secure.

There have been many changes in the last few editions of SQL Server to try and make it more secure. Better coding, more secure defaults, and a number of changes to the engineering process to produce a more secure platform on which we can build applications. This is one more that could really improve database security.

I understand the desire to "upsell" the product and entice people to buy Workgroup edition instead of Express, to use Standard instead of Workgroup, Enterprise instead of Standard. I have nothing against Microsoft moving features around to try and entice people to spend more on their database software. I don't always agree with the features they move around, but for the most part it's splitting hairs about what makes sense for a particular class of customer.

When it comes to security, however, I think there ought to be a different set of standards. It's one thing if only Enterprise Edition allows certificates to log in. It's quite another when a fundamental security feature like TDE isn't available in the editions that would most benefit from it.

I don't know what the feature list will be like for SQL Server 2008 R2, but I certainly hope that TDE is moved to all editions, not just Enterprise Edition.

Update: We still don't get TDE in SQL Server 2014, should we?

Total article views: 413 | Views in the last 30 days: 3
Related Articles

How to use Database mail feature in SQL Server 2000

This article describes a way by which we could use the feature of database mail in SQL Server 2000 i...





SQL Express 2008 Security - Replication Client

How to secure a client database that is merge replicated to a central server


SQL Server 2012 (“Denali”): New Security Features

SQL Server 2012 has many new security features, and three of the bigger new features are: Default Sc...


Security for a Database with SQL Server Express 2005 Backend & MS.Access Front end

Securing a database in Multi-user environment