IT Pro Connection - “The SQL Guy” Post #20: Using Cell Level Encryption in SQL Server
"Last week you learned how to setup the encryption key hierarchy in SQL Server. Now, let’s use encryption to encrypt sensitive data in SQL Server.
It is quite possible that you might have sensitive data that needs encryption at a finer level of detail than the entire database. Most of the row might need to be visible to users, while certain sensitive information such as employee salary might require encryption. You might also want the ability for certain users to be able to encrypt/decrypt certain cells as shown in figure 1.
The solution is to use cell-level encryption in SQL Server.
With cell-level encryption in SQL Server, it is possible to encrypt data in individual cells within a table.
BENEFITS OF USING CELL-LEVEL ENCRYPTION:
(1) Granular, user specific control on encrypting individual cells or column values rather than entire databases (compared to using Transparent Data Encryption – TDE).
(2) Data retains its encrypted state in memory unless it is actively decrypted.
DRAWBACKS OF USING CELL-LEVEL ENCRYPTION:
(1) Requires application changes and analysis of tables to locate sensitive data that needs to be encrypted.
(2) Encryption of data introduces randomization. This makes it impossible to index data and causes a performance impact since indexes on encrypted columns cannot be used while searching for a value.
(3) Cell-level encryption built-in functions only return varbinary type data and the output is limited to up to 8000 bytes.
If you're saying to yourself, "Gee, I wonder if we should encrypt this..." or "Boy, it would suck if someone unauthorized got this data..." or "Heck, no I wouldn't put my personal data in this, even for testing..." or "Encryption is for sissies" or "But we've got lasers protecting our data center!" then you might be in need of this article...
Related Past Post XRef:
SQL Server Label Security Toolkit - Row/Cell Level Security for SQL Server 2012 (Updated from SQL Server 2008 R2)
Row/Cell Level Security for SQL Server 2008 and you (without expensive add-on's too)
Implementing Row- and Cell-Level Security in Classified Databases Using SQL Server 2005
No comments:
Post a Comment
NOTE: Anonymous Commenting has been turned off for a while... The comment spammers are just killing me...
ALL comments are moderated. I will review every comment before it will appear on the blog.
Your comment WILL NOT APPEAR UNTIL I approve it. This may take some hours...
I reserve, and will use, the right to not approve ANY comment for ANY reason. I will not usually, but if it's off topic, spam (or even close to spam-like), inflammatory, mean, etc, etc, well... then...
Please see my comment policy for more information if you are interested.
Thanks,
Greg
PS. I am proactively moderating comments. Your comment WILL NOT APPEAR UNTIL I approve it. This may take some hours...