With the continued growth of the cloud and the ubiquity of end user devices, security has become one of the foremost concerns for database and IT professionals. With the release of SQL Server 2016, Microsoft has made security an even higher priority. In this article we’ll look at how SQL Server 2016 and the HPE Superdome X can provide an ultra-secure foundation for your enterprise database applications.
The SQL Server 2016 Security Foundation
SQL Server has been ranked as the most secure enterprise database by National Institute of Standards and Technology (NIST) public security board for the past six years. SQL Server has had the fewest security vulnerabilities when compared with the other enterprise databases. SQL Server has also been ranked as the most secure database by the Information Technology Industry Council (ITIC). SQL Server 2016 provides a layered set of security capabilities that enable enterprises to protect vital data while ensuring access to that data.
SQL Server 2016’s primary security technologies include:
- Always Encrypted – Introduced in SQL Server 2016, Always Encrypted ensures that the data in database is just what the name says--always encrypted. This prevents data access even from highly authorized personnel. New SQL Server application drivers seamlessly encrypt and decrypt the data.
- Transparent Data Encryption (TDE) – TDE protects data at rest by encrypting SQL Server database data files. TDE prevents users from attaching or restoring a database without the proper security certificates.
- Row-Level Security (RLS) – New in SQL Server 2016, RLS enables customers to control access to rows in a database table based on the user or role of the person executing a query. RLS enables you to simplify the coding of your applications by moving the access restriction logic into the database tier and out of the application.
- Dynamic Data Masking (DDM) – Also new in SQL Server 2016, DDM obscures sensitive data from being viewed. It’s important to understand that DDM is a display technology, not an encryption technology. SQL Server 2016 provides several built-in functions that mask different types of data, such as email addresses, and phone numbers.
- Transport Layer Security (TLS) – TLS, updated to version 1.2, protects data in flight using a certificate. This protects against things like man-in-the-middle attacks.
HPE nPars Provide Multiple Partition Isolation
The HPE Superdome augments SQL Server’s security features using a technology called nPars. nPars are essentially separate hardware partitions that can be created on the HPE Superdome X. Each nPar partition can be electrically isolated from the other partitions, effectively enabling the HPE Superdome X to run as if it were completely separate systems. This complete electrical isolation provides a high degree of security between partitions. There is complete isolation at the hardware level, as well as at the software and operating system level. The HPE Superdome X nPar capability enables companies to run multiple operating systems and workloads on the same server system, keeping those workloads completely isolated from one another.
The HPE Superdomes X’s out-of-band Integrated Lights Out Management (iLO) is also secured. It includes a Host/Firewall Bridge that prevents any connection between the iLO management port and the servers Ethernet Ports. iLO access from the host operating system can also be locked down.
HPE and Microsoft are the underwriters of this article.