Since Microsoft announced their Trustworthy Computing security initiatives four years ago, the industry has been waiting to see how these initiatives would be implemented in upcoming products.

With the introduction of Microsoft's newest DBMS, SQL Server 2005, it does indeed seem as though they have provided what they have promised

What follows is a two-part article series that provides an in-depth examination of encrypting data in SQL Server 2005. In this article we will exploring key challenges facing database systems and the motivations for providing robust encryption mechanisms directly within the database system.

We will also look at encryption fundamentals and SQL Server 2005's encryption capabilities. A future article will step through creating a database table with encrypted data and working with that data from an ASP.NET 2.0 web application. Read on to learn more! 

Encryption - the "Last Line of Defense"

As the attacks in which hackers use become more and more sophisticated, and the programs in which they attack become increasingly complex - which in turn increases the possibility that holes will be left open - encryption is becoming the last line of defense in database management system (DBMS) security.

You might be thinking, "What is the use of encryption in modern-day database systems?" That is, if the database administrator (DBA) has done his/her job (i.e. applying all the latest security patches, securing database information with least privilege access in mind, enforcing strong passwords, etc...), then why do we need to add encryption on top of all that!

The reason is that attackers can be clever and security patches are usually put out only after an attacker has exploited a new found weakness. Moreover, perhaps the database administrator overlooked something, or didn't configure the database properly.

Therefore, encryption can be your last line of defense when it comes to exploits that have not yet been patched or for those holes that are left open by accident.

Read more