SQL Server 2016: Unbeatable Database Security


August 9, 2016

Last month we started the first of a five-part series outlining the five key messages that differentiate SQL Server 2016 from its competitors. Now that we’ve covered what makes SQL Server 2016 an industry leader in mission-critical OLTP, we’ll dive into security.

  • Industry Leader in Mission Critical OLTP
  • Most Secure Database
  • Highest Performing Data Warehouse
  • End-to-End Mobile BI on any device
  • In-database Advanced Analytics

Take a look at the chart here from the National Institute of Standards and Technology showing SQL Server 2016 as the least vulnerable database for the last six years. So how do you interpret this? You can see Oracle had 69 security vulnerabilities in 2006. That doesn’t mean issues weren’t fixed. The real issue for you as customers is two-fold: (1) your data is exposed until a patch is released and then implemented, and (2) you have to endure a maintenance window for each patch needed to keep your data secure. With SQL Server you have the least risk of exposure and the fewest maintenance windows.

And Microsoft has even more innovations coming in 2016 that will add to its layers-of-protection approach to security. Here are the highlights:

  • SQL Server 2016 has technologies available both at the infrastructure and the database level that have landed it in the number one spot for security.
  • It gives you great tools to protect your data, control access and monitor activity.
  • Access control is improved, and Windows authentication is improving significantly in Windows Server 2016.
  • Improved row-level security and dynamic data masking for controlling access.
  • Auditing capabilities across all these layers in 2016 have improved so you can monitor and track threats.
  • When it comes to protecting data, you might be familiar with Transparent Data Encryption, used to protect data at rest. But what about protecting data in motion? SQL Server 2016 has released new technology that can do that. It’s called Always Encrypted and here’s how it works:
    • Microsoft Research has been developing this for over three years, and it is coming into this product for the first time.
    • Modifications were moved to the client side; the client owns the keys, which are not in the database.
    • What’s especially compelling is that this is client-side encryption technology. It does basically all of the heavy lifting on the client side. To roll it out, all the customer needs is .NET Framework 4.6. As a bonus, it has a silent install, which makes deploying it across an enterprise easy.

This is just the high-level overview of what’s new on the security front with SQL Server 2016. Want more info? Tweet us at @WeAreSolvaria. Come back next month for a look at what makes SQL Server 2016 the highest performing data warehouse.