Mission-Critical Operations

SQL Server 2008 R2 offers built-in, transparent data encryption at the database level and exposes encryption functionality to third-party vendors to provide enterprisewide, dedicated key management.

Encrypt data transparently

• Simplify application development by performing all encryption transparently at the database level.

• Enable application developers to access encrypted data without changing existing applications.

• Guard against security breaches if backups or disks are lost or stolen.

• Encrypt all data without increasing database size or impacting performance.

• Ensure consistent data encryption across the enterprise.

Employ extensible key management

• Consolidate your enterprise encryption by using an extensible key management system.

• Use third-party hardware security modules to store encryption keys in a separate system from data.

• Store, retire, and regenerate as many keys as you need without impacting security.

Sign code modules

• Use a certificate to add a digital signature to code modules, such as stored procedures and functions.

• Associate additional permissions to the signature for the duration of the code module execution.

Reduce attack surface area

• Use Policy-Based Management to control which services and features are available.

• Selectively turn on key services that are off by default, as you need them.

• Reconfigure manual services that you deem essential to be automatically started.

Take advantage of a built-in cryptography hierarchy

• Use the built-in cryptography hierarchy in SQL Server 2008 R2 to create asymmetric keys, symmetric keys, and certificates.

Control access to your data by managing authentication and authorization effectively and by providing access to information only for users who need it.

Enforce enterprisewide password policies and authentication

• Apply Windows Server–based password policies (for length, complexity, and age) even for SQL Server logons.

• Enhance security by specifying Kerberos authentication for all protocols, not just TCP/IP.

• Choose which users connect over which protocols.

• Employ granular control by turning policies on or off and setting expiration per logon.

• Disable a logon if the user is no longer with the company.

Use roles and proxy accounts

• Use fixed database roles to increase control over agent services.

• Use multiple proxy accounts to make execution of a SQL Server Integration Services package more secure.

Provide security-enhanced metadata access

• Improve metadata security by using catalog views.

• Enable users to view metadata only for those objects that they have access to.

Enhance security features with execution context

• Use module execution context so that statements within a module run as a particular user, not the calling user.

• Grant the calling user permission to execute the module.

• Create custom permission sets using module execution context.

Simplify permission management

• Use schemas to simplify and improve flexibility of large databases.

• Grant permissions to a schema in order to grant permissions to every object contained in the schema from the present to the future.

Ensure compliance with company policies or government regulations like HIPAA and PCI Data Security Standard.

Configure the surface area with automated Policy-Based Management

• Use Policy-Based Management to ensure that servers, databases, and database objects comply with configuration policy.

• Reduce exposure to security threats with the new surface area facet, and control active services and features.

• Define, deploy, and validate policies with Policy-Based Management.

• Perform regular health checks by using On Change, On Demand, and On Schedule features.

Use enhanced auditing features with SQL Server Audit

• Create audits to analyze not only changes to data but also which users are accessing the data.

• Define granular audit actions of users or roles on database objects.

• Manage the size of audit logs by determining which specific users and tables to audit.

• Detect any misuse of permissions early so that you can take corrective action to mitigate damage.

• Enjoy simple configuration through SQL Server Management Studio.

Create custom auditing solutions with DDL triggers

• Capture and audit data definition language (DDL) activities by using triggers.

• Extend triggers to respond to DDL and data manipulation language (DML) events, improving auditing and enhancing security.

Automatically apply software updates

• Use Windows Update to automatically apply SQL Server 2008 R2 updates.

• Reduce threats caused by known software vulnerabilities.