CHAPTER 4
Security
Compared to other systems in most corporations, database environments receive very little attention
when it comes to security, with a few exceptions such as the banking sector. The reason is that databases
are considered well within the boundaries of internal networks, which are considered secure and
usually inaccessible directly from the Internet.
With the advent of SQL Azure and most Database as a Service solutions, the focus on database
security rises all the way to the top for two primary reasons: you're no longer in control of your data, and
the data is directly accessible from the Internet. As a result, it becomes even more important to take
advantage of all the capabilities of SQL Azure and understand its limitations.
Overview
Before diving into the specifics of SQL Azure, let's look at a general security framework to assess how
Database as a Service can impact you. The following discussion is based on the basic security principles
encapsulated by confidentiality, integrity, and availability (CIA). This is referred to as the CIA triad and is
one of the most accepted forms of security categorization. SQL Azure shifts the balance of the CIA triad
compared with traditional SQL Server installations.
Confidentiality
Confidentiality is the ability to ensure that data can be accessed only by authorized users. It's about
protecting your data from prying eyes or from inadvertent leakage by using multiple technologies,
including the following:
Encryption. Creates a ciphertext (encrypted information) that can be decrypted through the use of a shared key or a certificate
Hashing. Generates a ciphertext that can't be decrypted (typically used for password storage)
Access control. Controls access to data based on contextual information
Authentication. Controls who can access the database and which objects in the database a user can access
Firewall. Uses technology to limit network connectivity to a list of known machines