Understanding data security in cloned databases created using DBCC CLONEDATABASE

DBCC CLONEDATABASE feature was first introduced in SQL Server with SQL Server 2014 SP2 and was later added to SQL Server 2016 with SP1. The primary design goal for DBCC CLONEDATABASE which the SQL Product team had in mind is to provide mechanism to create fast, minimally invasive and transaction ally consistent database clones, useful…


SQL Server Mysteries: The Case of TDE and Permanent Tempdb Encryption

I’m a huge Sherlock Holmes fan (I’ve read all the books, watch Elementary on CBS every week, and loved the most recent season Four of Sherlock) so when I recently got a question about some unexplained behavior for SQL Server, I thought of the idea of posting some of these as I get and solve…


SQL Server 2014 is FIPS 140-2 compliant

We have recently published a KB article on using SQL Server 2014 in FIPS 140-2-compliant mode. Please see https://support.microsoft.com/en-us/kb/3141890 for more information.  

0

SQL Server Remote Blob Storage (RBS) Credential Store Symmetric Key Rotation

The SQL Server team would like to advise RBS admins on security procedures for rotating the credential store symmetric key.  If a provider requires the setup and use of a secret stored within the credential store (see related article), RBS uses this symmetric key to encrypt any provider secrets which a client may request to…

0

Windows Enforcement of Authenticode Code Signing and Timestamping impact on SQL Server

Windows Enforcement of Authenticode Code Signing and Timestamping has recently announced a change where Windows (version 7 and higher) and Windows Server will no longer trust any code that is signed with a SHA-1 code signing certificate and that contains a timestamp value greater than January 1, 2016. More information about this announcement is documented…

2