New SQL Server delivers best enterprise data protection to date

17 Jun 2017 by Joanna Furlong

From small businesses to enterprises, it’s difficult to find a business leader who is not excited about the possibilities of big data. However, big data comes with big responsibilities. It’s a high-risk asset for a business to secure and manage. Security professionals are challenged with trying to strike a delicate balance between providing safe and intuitive access to users while reducing overall risk.

If you’re seeking a new data management platform, without a doubt, security should be given top priority. Some good news on this front: Microsoft’s new SQL Server 2016 features built-in security capabilities, providing the most advanced enterprise data protection to date. These innovations were designed with a three-pronged strategy. First, protect the data. Second, safeguard and control access to the data. And third, give IT enhanced monitoring capabilities to know what’s happening with the data, around the clock.

These new features include Always Encrypted, Row Level Security and dynamic data masking. Read on to see how they can provide strong protection for data residing in your SQL Server 2016 database — and why this is a game changer for how to do business.

Automate your data encryption.

Always Encrypted is Microsoft’s name for its new encryption technology, which encrypts data automatically at the time it’s written, as well as when it’s read by an approved application. Your data is literally always encrypted, regardless of whether it’s at rest or on the move. This significantly increases the number of security checkpoints from previous versions of SQL Server.

Here’s how it works: First, it requires an Always Encrypted-enabled driver to talk to the database. This driver securely transfers encrypted data to the database, only allowing it to be decrypted by an application that has the correct encryption key. In short, the data will never appear in plain text until an application holds the correct encryption key.

Precisely control user access.

Think about the peace of mind your organisation’s leaders will have when you can guarantee that only approved users can view data. Even better, imagine being able to get granular with this concept — down to the row. As data continues to cumulate and user needs become more complex, Microsoft’s answer is Row Level Security, one of the most anticipated features in the new SQL Server.

Row Level Security allows SQL Server tables to be configured so users only see rows within a table to which they’ve been granted access. In other words, users can only see the rows they’ve been returned. And on the developer side, a simple predicate is applied to the query (a filter). Users can browse data securely and only view the rows you wish them to see, regardless of which application they’re using.

Mask your most sensitive data.

What if you don’t want to filter data but wish to protect it at the user level or role level? Dynamic Data Masking (DDM) does just that. DDM gives you total control to “mask” confidential data from users who do not have permission to view it. Four masking functions control how users can view your data: You can choose to fully mask data, partially mask email addresses, partially mask all values or randomly mask values. All choices give you greater control over how your data is viewed and who views it.

The best part is DDM doesn’t slow anyone down. Users can still connect to approved databases and run queries. But in this instance, they’ll only see the data they’re meant to see. Consider this example: Assume you have just two user roles. “John” in your accounts payable department needs access to an entire database to do his job, and “Sarah,” an outside consultant, only needs access to certain fields. Both John and Sarah will be able to query the same database with DDM. John will be able to view all of the data, and Sarah will only see the data she’s been given permission to view.

Security is a business advantage.

Protecting your data is about more than peace of mind. And its importance reaches beyond reducing business risk and liability. In today's fast-moving world of online business, where data is king and companies track more and more customer information, sophisticated security now serves as a competitive advantage.

Customers expect you to protect their data. Business partners sign on with you, trusting you to protect their assets. Do you have the best solutions in place to deliver best-in-class security?