SQL Azure Security

September 11th, 2009

The Community Technology Preview (CTP) of SQL Azure is out, but I’m looking for good information on how the data will be appropriately secured. The CTP allows you to provision a database, set a SQL username and password, and you’re all set. To access the database, all you need is the URL, username and password.

That’s great for easy access, but a single username/password combination away from system administrator access to the entire database isn’t exactly a recipe for secure data. To get to my corporate data, I need to get past security, have an access pass, log into a computer on the corporate network with a restricted access account, then I get to run my SQL login credentials.

Without additional protection, someone just needs to look over your shoulder as you log in when you’re in the office, then they can go home, log in from their computer and have access to everything. Your only protection is rigorous access auditing.

Hopefully Microsoft have thought this all out, and there’s some layered security options – or maybe that’s due after the CTP. I would think that some sort of two-factor solution needs to be available – something you have and something you know. A simple solution like issuing a time-limited key file that needs to be physically on the computer where you’re running SQL Management Studio would provide that kind of protection. On with my research…
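The time-limited key file idea above, sketched as an added example; it is not code from the original post and not a SQL Azure feature. The function names, the file layout (base64 payload, a dot, base64 HMAC tag) and the issuer key are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret (assumption); a real issuer would hold this in a protected key store.
ISSUER_KEY = b"constructed-demo-issuer-key"


def _tag(payload: bytes) -> bytes:
    """HMAC-SHA256 over the payload, so the client cannot alter login or expiry."""
    return hmac.new(ISSUER_KEY, payload, hashlib.sha256).digest()


def issue_key_file(login, ttl_seconds, now=None):
    """Return key-file text that binds `login` to an expiry time."""
    now = time.time() if now is None else now
    claims = {"login": login, "exp": int(now) + ttl_seconds}
    payload = json.dumps(claims, sort_keys=True).encode()
    return (base64.urlsafe_b64encode(payload).decode() + "."
            + base64.urlsafe_b64encode(_tag(payload)).decode())


def verify_key_file(contents, login, now=None):
    """Accept only an untampered, unexpired key file issued for `login`."""
    now = time.time() if now is None else now
    try:
        payload_b64, tag_b64 = contents.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong number of parts or bad base64
        return False
    # Constant-time comparison; the payload is parsed only after the tag checks out.
    if not hmac.compare_digest(tag, _tag(payload)):
        return False
    claims = json.loads(payload)
    return claims.get("login") == login and now < claims.get("exp", 0)


def authenticate(login, password_ok, key_file_contents, now=None):
    """Both factors must pass: the password (know) and the key file (have)."""
    return bool(password_ok) and verify_key_file(key_file_contents, login, now)
```

With a check like this, a password seen over someone's shoulder is not enough on its own, and a copied key file stops working once its expiry passes.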

