Pro encryption in SQL Server 2022 : provide the highest level of protection for your data / Matthew McGiffen.
McGiffen, Matthew, author.
2022
QA76.9.D3
Available Online

Linked e-resources

Linked Resource Online Access
Concurrent users Unlimited
Authorized users Authorized users
Document Delivery Supplied Can lend chapters, not whole ebooks

Details

Title Pro encryption in SQL Server 2022 : provide the highest level of protection for your data / Matthew McGiffen.
Author McGiffen, Matthew, author.
Edition [First edition].
ISBN 9781484286647 (electronic bk.)
1484286642 (electronic bk.)
1484286634
9781484286630
DOI https://doi.org/10.1007/978-1-4842-8664-7
Published New York, NY : Apress, [2022]
Copyright ©2022
Language English
Description 1 online resource (353 pages) : illustrations (some color)
Other Standard Identifiers 10.1007/978-1-4842-8664-7 doi
Call Number QA76.9.D3
Dewey Decimal Classification 005.7585
Summary This in-depth look at the encryption tools available in SQL Server shows you how to protect data by encrypting it at rest with Transparent Data Encryption (TDE) and in transit with Transport Level Security (TLS). You will know how to add the highest levels of protection for sensitive data using Always Encrypted to encrypt data also in memory and be protected even from users with the highest levels of access to the database. The book demonstrates actions you can take today to start protecting your data without changing any code in your applications, and the steps you can subsequently take to modify your applications to support implementing a gold standard in data protection. The book highlights work that Microsoft has been doing since 2016 to make encryption more accessible, by making TDE available in the standard edition, and the introduction of Always Encrypted that requires minimal work on your part to implement powerful and effective encryption, protecting your data and meeting regulatory requirements. The book teaches you how to work with the encryption technologies in SQL Server with the express goal of helping you understand those technologies on an intuitive level. You'll come away with a deep level of understanding that allows you to answer questions and speak as an expert. The book's aim is to make you as comfortable in deploying encryption in SQL Server as you would be in driving your car to buy groceries. Those with a data security mindset will appreciate the discussion of how each feature protects you and what it protects you from, as well as how to implement things in the most secure manner. Database administrators will appreciate the high level of detail around managing encryption over time and the effect of encryption on database performance. All readers will appreciate the advice on how to avoid common pitfalls, ensuring that your projects to implement encryption run smoothly. What You Will Learn Architect an effective encryption strategy for new applications Retrofit encryption into your existing applications Encrypt data at rest, in memory, and in transit Manage key and certificate life cycles, including backup and restore Recover encrypted databases in case of server failure Work with encryption in cloud-based scenarios Who This Book Is For Database developers, architects, and administrators who want to work with encryption in SQL Server; those who want to maintain encryption whether data is at rest or being transmitted over the network; and those who wish to encrypt their data even when in the server's own memory. Readers should be familiar with SQL Server, but no existing knowledge of encryption is assumed.
Note Includes index.
Access Note Access limited to authorized users.
Source of Description Description based on print version record.
Available in Other Form Pro encryption in SQL Server 2022.
Linked Resources Online Access
Record Appears in Online Resources > Ebooks
All Resources
Intro
Table of Contents
About the Author
About the Technical Reviewer
Acknowledgments
Introduction
Part I: Understanding the Landscape
Chapter 1: Purpose of Encryption and Available Tools
What Is the Purpose of Encryption?
Encryption and Data Protection Regulation
Overview of the Tools Available in SQL Server
TDE
Backup Encryption
Always Encrypted
TLS
Hashing and Salting
Encryption Functions
EKM
Recommended Approach to Encryption
Encryption in the Cloud
Summary
Part II: At-Rest Encryption

Chapter 2: Introducing Transparent Data Encryption
What Is TDE?
Understanding Keys and Certificates
Database Encryption Key (DEK)
Certificate and Associated Asymmetric Key Pair
Database Master Key (DMK)
Service Master Key (SMK)
Understanding the Need for the Hierarchy
How Secure Is TDE?
What Are We Protected From?
How Easy Is It to Break Down the Encryption?
Summary
Chapter 3: Setting Up TDE
Creating the Keys and Certificate
Creating the Database Master Key (DMK)
Creating the Certificate
Creating the Database Encryption Key (DEK)

Encrypting the Database
Securing the Root Keys
Encrypting Existing Data with TDE
Benchmarking TDE Performance on Your Server
Monitoring for Problems
What If You Run into Any Performance Problems During the Scan?
What If the Encryption Scan Fails?
Taking Backups While Encryption Is in Progress
Summary
Chapter 4: Managing TDE
Migrating or Recovering a TDE-Protected Database
Create a Database Master Key (DMK) If One Doesn't Exist
Restore the Certificate and Private Key
Restore the Database
Recovering a TDE Database Without the Certificate

Setting Up a New SQL Instance Using the Same Service Account as the Old Instance
Restore Your Backup of Master from the Old Instance onto the New Instance
Reboot Your New Server: The Whole Server, Not Just SQL
Backup Your Certificate and Private Key - and Don't Lose Them This Time
Key Rotation
Creating a New Certificate
Rotating the Certificate
Impact of TDE on Performance
Where Do We See an Overhead?
How to Estimate the Performance Impact for Your Server?
TDE and Backups
Backup Performance
Backup Compression
Backup Compression Issues

TDE and High Availability
Summary
Chapter 5: Backup Encryption
Setting Up Backup Encryption
Creating a Test Database
Create the Database Master Key (DMK)
Creating the Certificate
Permissions
Working with Encrypted Backups
Taking an Encrypted Backup
Restoring an Encrypted Backup
Backup Encryption Performance
Backup Encryption and Compression
Summary
Part III: Column Encryption using Always Encrypted
Chapter 6: Introducing Always Encrypted
SQL Server 2016 vs. SQL Server 2019 and Beyond
How Does Always Encrypted Work?
Encryption Hierarchy

Browse Subjects

Show more subjects...

Statistics

from
to
Export