The Hitchhiker's Guide to Microsoft SQL Server 2016
OK, so we’re still evaluating SQL Server 2014, but are you ready now to explore Microsoft SQL Server 2016? No rest for the weary! Community Technology Preview (CTP) 2.2 is now available as a public preview of next year’s release. But don’t panic! In this blog entry I will examine three key new features that I found most interesting when exploring the CTP. Specifically, I will be looking at: Always Encrypted, Temporal Data, and the Stretch Database.
Microsoft tells us that the three themes for the SQL Server 2016 release are:
- Mission Critical Performance
- Deeper Insights Across Data
- Hyperscale Cloud
Mission Critical Performance
Selected Feature: Always Encrypted - “The Imitation Game”
Security is more important than ever for mission-critical systems, especially as we start to explore cloud-based data options. Starting with SQL Server 2005, Microsoft allowed us to use column-level encryption natively within the database engine. Sensitive columns could be encrypted by an application and decrypted as needed, providing an “end-to-end” security option. Selected columns would be encrypted on disk, on backup, in memory and over the network. However, column-level encryption required application code changes to use functions such as EncryptByKey and DecryptByKey. A Database Encryption Key and an appropriate Certificate had to be accessible for encryption or decryption to succeed.
With SQL Server 2008, Microsoft introduced Transparent Data Encryption (TDE), a feature that automatically encrypts a whole database without any change to application code, even for third-party applications. A major benefit was that “data at rest” would be encrypted, including database files on disk and backups on tape or disk. This feature provided additional security to counter possible physical security vulnerabilities. However, as soon as data was “in motion”, for instance into memory or over the network, the information was automatically decrypted and therefore not protected.
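The contrast described above, as an added T-SQL example that is not from the original post: column-level encryption puts EncryptByKey and DecryptByKey into every statement that touches the column, while TDE is switched on once with no query changes. The database, table, key and certificate names and the password placeholders are assumptions.

```sql
-- Added example; SalesDemo, dbo.Customer, CardCert, CardKey and TdeCert are
-- hypothetical names, and the passwords are placeholders to replace.
USE SalesDemo;
GO
-- 1) Column-level encryption (SQL Server 2005+): key hierarchy in the database.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<replace-with-strong-password>';
CREATE CERTIFICATE CardCert WITH SUBJECT = 'Protects CardKey';
CREATE SYMMETRIC KEY CardKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CardCert;
GO
-- The column must hold ciphertext, so its type changes to varbinary.
CREATE TABLE dbo.Customer (
    CustomerId    int IDENTITY PRIMARY KEY,
    Name          nvarchar(100)  NOT NULL,
    CardNumberEnc varbinary(256) NOT NULL
);
GO
-- Every code path touching the column opens the key and calls the functions.
OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;
INSERT INTO dbo.Customer (Name, CardNumberEnc)
VALUES (N'Constructed Customer',
        EncryptByKey(Key_GUID('CardKey'), N'0000-0000-0000-0000'));
SELECT Name,
       CONVERT(nvarchar(19), DecryptByKey(CardNumberEnc)) AS CardNumber
FROM dbo.Customer;
CLOSE SYMMETRIC KEY CardKey;
GO
-- 2) TDE (SQL Server 2008+): enabled once by an administrator; the table
--    definitions and queries of the application stay as they were.
USE master;
GO
-- Skip CREATE MASTER KEY if master already has one.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<replace-with-strong-password>';
CREATE CERTIFICATE TdeCert WITH SUBJECT = 'TDE certificate';
-- Back up TdeCert and its private key; backups cannot be restored without it.
GO
USE SalesDemo;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeCert;
ALTER DATABASE SalesDemo SET ENCRYPTION ON;
GO
-- Check progress: encryption_state = 3 means the database is encrypted.
SELECT DB_NAME(database_id) AS db, encryption_state
FROM sys.dm_database_encryption_keys;
```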