In my last post, I talked about the process of rotating your encryption keys. It’s just one of those routine maintenance tasks that need to be done from time to time in order to keep your encryption strong for the long haul. One type of rotation I didn’t address in that post was rotation for […]
“Data Security for the Cloud”: A New Pre-Con at SQLSaturday Chicago
More and more companies are considering a move to the cloud, but one aspect of such a migration that may be overlooked in the transition is the security of the data. In many cases, the cloud provider only handles a portion of the security, leaving you to handle the rest. So what, exactly, is your […]
Replacing an expiring SQL Server encryption key
So you’re using encryption in SQL Server, but you’ve discovered that the expiration date of a certificate is expiring. What do you do? The process of safely replacing the certificate is called rotating the encryption key. It’s important to do, and SQL Server makes it a simple, quick process. First, a little background The most […]
Security VC Webinar: TLS 1.2 and SQL Server
The PASS Security virtual chapter hosted a great webinar on Thursday. Amit Banerjee from Microsoft’s SQL Server Tiger Team (b|t) spoke about upgrading our SQL Server instances to use TLS 1.2, including many pitfalls that are frequently encountered. We’re all familiar with SSL – we use it every day without even thinking about it. It’s […]
The SQL Server Security Model, Part 1: Logins [Foundations Friday]
How secure are your databases? No, not your network. Just your databases. If your company is like most, the strongest security has been placed around the outside of your network, at the perimeter. Not all threats come through the front door, though. An increasing number of breaches occur because a hacker found a way around the perimeter […]