Back to Basics for SQL Server
To help ease database administration and data protection concerns, Microsoft Corp. is locking down security and improving best-practices options in its SQL Server database.
The Redmond, Wash., company announced at its Tech Ed conference in San Diego last week that it will embed native data encryption, as well as password and key management support, in SQL Server 2005, code-named Yukon. The security features will first appear in the second beta of Yukon, due later this year.
Also at the event, Microsoft released the final version of BPA (Best Practices Analyzer) for SQL Server 2000, which scans Windows Server System environments and provides database administration and best-practices recommendations. The scans identify optimal conditions for such features as server configurations and database backups.
BPA also includes SQL Server 2005 Upgrade Advisor, which scans a database for outdated or altered elements that could impede a customers efforts to upgrade to Yukon, which is due in the first half of next year.
Through the new security components, SQL Server 2005 users will have the choice of encrypting and decrypting sensitive data and authenticating users through passwords, X.509 certificates or the Windows certificate authority, officials said.
Microsoft recruited third-party SQL Server encryption software vendors Protegrity, of Cary, N.C., and Application Security Inc., of New York, as well as a few undisclosed software partners, to create the Yukon security offering.
The new database encryption measures are aimed at helping customers prepare to comply with regulations such as Californias Database Security Breach Notification Act, the Gramm-Leach-Bliley Act and the Sarbanes-Oxley Act.
"With the California database protection act and other initiatives, your credit card, Social Security number and other information has to be protected almost as intensely as medical information," said Tim Kelly, technology director at Total System Services Inc., a credit card processor in Columbus, Ga. "We have to have that type of native encryption because we need to know if some compromise occurs."
Kelly, a Yukon beta tester, said a key customer service application used by Total Systems, called Prophit, relies heavily on SQL Server 2000. BPA has enabled the companys database administrators to gain quicker insight into manual elements or scripted procedures requiring attention, he said. "If I get kind of stupid someday and forget to link an index somewhere, I can at least have this product to help me keep my own development staff in good order," Kelly said.