Keep your data safe with Microsoft SQL Server 2016
The latest version of Microsoft SQL Server, the industry-leading database management system, has been improved with various security features to aid with the encryption and protection of sensitive data.
A new feature of Microsoft SQL Server 2016 is the ‘Always Encrypted’ database engine. When Always Encrypted is enabled, data in the SQL Server database is encrypted by default. Whilst under this encryption, the protected data can only be accessed by users or applications that have the encryption key. This encryption key is never passed to the SQL Server. Encryption can be either deterministic or random, and – as a way of increasing database performance – only sensitive data is encrypted.
The latest version of Microsoft SQL Server is the first to offer row-level security for data in a database. This allows database developers to set functional restrictions on which users can view which data. These user restrictions can be based on attributes such as location, department, and security clearance – among others. For example, the local branch manager of an international car dealership would only be able to view the rows of the customer database that are relevant to his branch.
Dynamic data masking
An extension of row-level security is the dynamic data masking feature, which allows data to be fully or partially obscured from the user depending on their authorisation. For example, masking can be set up to allow unauthorised users to view only the last four digits of a phone number, or card number, whereas an authorised user would be able to see the number in its entirety.
The four types of masks available are:
- Default – Fully masks the data, with ‘XXXX’ for string data types, ‘0000’ for numeric data types etc.
- Email – Shows the first letter of an email address and masks the rest e.g. firstname.lastname@example.org
- Custom string – Shows the first and last letter of the string with a user defined masking between them e.g. j********s, or 1########7
- Random – Replaces numeric data with a random value from a defined range.
Views and permissions
Database developers can use SQL Server to create various views and privileges to manage the data accessible to users, as well as define the database permissions of each user account. So, if one user only needs to see contact information (address, phone number etc.), and another user needs to see payment information, the database developer can create a view that only includes the information that is relevant to the user. This way, they can only see what they need to – or are allowed to – see.
Permissions can be a combination of SELECT, INSERT, UPDATE, DELETE, REFERENCES, ALTER, or ALL and can be used to manage how users can interact with the database.
SQL Server has been the database platform with the least vulnerabilities for six years running. Microsoft SQL Server 2016 is now available on Windows Cloud Servers from Fasthosts.