Netherlands: Software

Introductie van Micorosoft SQL Server 2016

Issue link: http://hub-nl.insight.com/i/692679

Contents of this Issue

Navigation

Page 180 of 212

168 C H A P T E R 8 | Improved Azure SQL Database Data Encryption in the Settings blade. Click the On button for Data Encryption in the Transparent Data Encryption blade, as shown in Figure 8-5. Figure 8-5: Enabling TDE in the Azure Management Portal. Cell-Level Encryption When you need to protect sensitive data such as personally identifiable information (PII) or passwords at a more granular level, you can use Cell-Level Encryption (CLE) for SQL Database. It is similar to CLE in on-premises SQL Server but differs in the following ways: The SQL Database service controls and manages the root as a certificate rather than by using an instance-specific Service Master Key (SMK). The Master Key (MK) does not require a password to simplify disaster recovery for cloud-only applications. If you copy data into or out of SQL Database by using BACPAC files or the DACFx API, you might experience data loss for encrypted or signed data because there is no metadata to associate symmetric or asymmetric keys with the protected data. As another option, use certificates to encrypt your data and use the KEY_SOURCE and IDENTITY_VALUE fields so that the symmetric keys can easily be re-created. Note This limitation does not affect physical data-movement scenarios such as backup, database copy, or geo-replication. Encrypted data in transit By default, data is unencrypted in transit. Therefore, it is a common security practice to connect to on- premises instances of SQL Server by using connections secured with Secure Socket Layer (SSL) certificates. You do not need to manage certificates for SQL Database because it has a signed certificate issued by a certificate authority and its connections are automatically encrypted by using SSL for the Tabular Data Stream (TDS) transfer of data. However, to further increase security and to eliminate the possibility of man-in-the-middle attacks, set Encrypt=True and TrustServerCertificate=False in your database ADO.NET connection string.

Articles in this issue

Archives of this issue

view archives of Netherlands: Software - Introductie van Micorosoft SQL Server 2016