SQLAuthority News – Book Review – Expert SQL Server 2008 Encryption by Michael Coles

Expert SQL Server 2008 Encryption (Paperback)
Michael Coles (Author), Rodney Landrum (Author)

Link to Amazon

“What is your opinion on encryption? What I mean is: In a world filled with data, how do you see encryption?” This is the precise question Michael Coles posed to me on March 3^rd of this year, while we were heading to Starbucks in Seattle. We were both attending the Microsoft MVP Summit there.

In the information era, security has become one of the most vital aspects of life. Although the topic may seem a little mundane, its importance cannot be overemphasized. It is the pillar of the information age and I shudder to think where we would be without it. We don’t leave our houses unlocked and risk thieves or opportunists taking off with our valuables. We also often take precautions, not only to preserve the precious, but also to avoid the sheer hassle of replacement and misuse. So too it should be with our information.

Encryption’s roots are extremely old and it has resolved numerous security problems over the years. In days gone by, couriers were entrusted with letters sealed with a royal wax stamp. If on delivery, the seal was broken, it was obvious that there had been a security breach. This very concept evolved as CRC checksum and developed into a complex algorithm.  While CRC checksum alerted the end user to the fact that content had been modified, its limitation was that it allowed manipulation of the content to occur in the first place. With encryption, only the authenticated owner can access and modify content.

In response to Michael’s question, I began to tell him what I knew about public and private keys. He looked at me doubtfully and asked me directly if I had ever used encryption in my career. My reluctant answer to this was “No”. He strongly suggested that I not underestimate its capabilities and explore its possibilities. I took his advice and have since implemented encryption for many of my clients, who are now far safer from unauthorized access to data.

To be very honest, in my experience, not many people know much about the subject beyond a little about public and private keys.  You do not often find experts discussing symmetric and asymmetric keys, which are just the tip of the iceberg. SQL Server has come a long way with regard to security. Encryption has taken on a whole new meaning in SQL Server 2008. There are many new features such as Extensible Key Management, Transparent Data Encryption, not to mention the pre-2008 ones such as cryptographic hashing, SQL CLR and many more. In performance terms, these are great enhancements.

The one exception is Transparent Data Encryption, where the whole database is encrypted. This can considerably reduce performance if the SQL Server box is not sufficiently powerful. It this is the case, it is a good time to offload all the encryption and decryption to third-party hardware. SQL Server allows third-party management of encryption and decryption through Extensible Key Management.

Extending the earlier courier analogy, consider the fact that even if our letter is secure and safe in our hands, as soon as we hand it to the courier it is exposed to risk and can be compromised. SQL Server 2008 has many new features, which secure data while it is being communicated between applications. A number of features were introduced that check whether data is manipulated during transmission.

Data is everywhere and taking in terms of Terra Bytes (TB) is the current reality. When a large amount of data needs to be handled, there are two major challenges. The first challenge is the actual encryption process and the resources needed to perform it. The second challenge is how to use the data once it has been encrypted.  In a regular database searching through TBs of data can take a very long time. Imagine how long this could take in and encrypted database?

In Seattle, Michael and I discussed these challenges and a few more subjects. The discussion lasted more than four hours. I have always known Michael to be an excellent author. He is renowned in the industry for his expertise of XML and Full Text Search. To my mind, he is an expert who has the extraordinary ability of relating complex concepts in simple terms. No matter how long, boring or complicated the topic, his delivery is always sweet, like chocolate that melts in the mouth.

Michael always addresses uncommon subjects. Perhaps his experience as a Sergeant in the army has given him the spirit to explore the unexplored.  I have never before encountered a single book on the subject of encryption for SQL Server and Michael’s will a “first”.

I recently had the pleasure of reading it and especially like the manner in which he and his co-author, Rodney, explain the significance of encryption. While many of the concepts covered are domain-specific, quite a few topics are common to all and the appendix is a “must read” for anyone planning a security strategy. One thing that really makes this book special is the fact that each module is written independently and you can find solutions by simply reading the relevant one.

I am a hands-on developer and only like books that have a lot of workable examples. With the exception of the first chapter, the book is filled with examples and hands-on experiments. The first chapter in itself is quite unique, as it not only provides a introduction to encryption, but also the very interesting history of encryption.  Even non-technical readers will enjoy this.

Summary:
It is my great pleasure to welcome this one-of-a- kind book to the SQL Server world. There is no doubt that this book is exceptional and will inspire anyone one who is ready to take their current security mechanism to the next level using encryption.

Stars : 5 Stars

Reference: Pinal Dave (https://blog.sqlauthority.com)