Download eBook (PDF) - Red Gate Software

CHAPTER 10: LAYERINGSOLUTIONSWhen selecting the security methods that are to be applied to your database, itis important to understand the intended role of each method, within the overallsecurity strategy. All methods have their particular strengths andvulnerabilities, and it is often possible to mitigate the latter.However, any single security method, be it strategic schema design, encryption,obfuscation or role-based permissions, will ultimately fall short in theprotection of sensitive data. In order to significantly reduce the risk of sensitivedata being compromised, the DBA must implement a complex layering ofsecurity methods, strategically utilized and maintained within the database.In the HomeLending database we used a few tables of our schema to illustratethese security methods; but what would this database look like if we were tofully implement the protection methods presented in this book throughout theentire database? In this final, short chapter, we'll take a moment to consider afully implemented HomeLending database, based on all of the presentedmethods.View from the Top FloorAt the highest level, we would want to consider the protection of our databasefiles, including the database backups. In the SQL Server 2005 world, nativeoptions for protecting our physical database files, transaction logs and TempDBsystem database are non-existent. We would need to depend on features of theoperating system, and on third party tools, for this level of protection. Forexample, Red Gate's SQL Backup Pro offers encryption of the backup files. Inthe world of SQL Server 2008, Enterprise Edition, the Transparent DataEncryption feature would be implemented, offering full protection for thephysical files of the database, as well as its backup files.200