Microsoft Plans Security Perks for SQL Server 2005

R. A. Hettinga rah at
Wed May 26 21:07:23 EDT 2004


Internet News

 May 25, 2004
Microsoft Plans Security Perks for SQL Server 2005
 By  Clint Boulton

 Little by little, Microsoft (Quote, Chart) is peeling away the layers of
SQL Server 2005, the company's forthcoming database server software. The
Redmond, Wash., software giant unveiled new native security encryption and
decryption support as well as government security certification.

 Operating under the "Do More with Less" mantra at its TechEd 2004
conference in San Diego, Calif., Microsoft is touting more capabilities,
reliability and security at less cost and complexity for the duration of
the show.

 Along those lines, Tom Rizzo, director of product management for SQL
Server, said the company is writing complex encryption and decryption
functionality directly into the product so customers don't have to procure
security features from a third party, or roll their own when the product
becomes generally available next year.

 The idea is to make the already successful product more attractive to
customers, not only by making it more secure, but by saving users any time
or labor associated with building complicated security software.

 While rivals Oracle (Quote, Chart) and IBM (Quote, Chart) offer security
features in their database software, Rizzo told they
aren't doing encryption and decryption and key management the way Microsoft
plans to do it for SQL Server 205.

 "Data encryption and decryption and key management is not for the faint of
heart. This is the harder part of encryption and decryption that our
competitors do not do," Rizzo said. "So imagine the scenario where you want
to have your data encrypted so that just in case someone breaks in, they
can't pull the data out."

 Rizzo said one of the catalysts for Microsoft adding the features to the
forthcoming SQL Server 2005 is the increase of data privacy laws in the
U.S. States such as California are calling for sensitive data to be
protected like never before, which led the SQL Server team to turn to
encryption/decryption features.

 More broadly, Microsoft has taken its lumps from skeptics critical about
its ability to secure products. Success in this area for its keystone
database software could bolster the company's tarnished reputation for
offering safe products.

 Along those lines, Rizzo said Microsoft will put SQL Server 2005 through
the government's Common Criteria certification, a stringent procedure for
securing computer software developed by the National Security

 Common Criteria, which covers auditing, security and Social Security
documentation, is an important certification because enterprises want to be
able to do business with government agencies, which won't reciprocate
unless certain standards of quality are met.

 With the final release delayed along with Whidbey until early 2005, the
second beta of SQL Server 2005 is due this summer, with a third beta
following by the end of the year.

 The third beta is expected to have advanced Data Transformation Services
or extraction, transform and load integration features, that outdo anything
ETL (define) vendors are currently providing.

 In related database news, Rizzo said Microsoft has finished the final
version of SQL Server Best Practices Analyzer, a performance tool that
employs a number of rules, or "best practices" while scanning SQL servers
to help database administrators better maintain the product.

 The software tool automatically scans design, implementation and backup
strategies for DBAs. Rizzo said the November beta topped 40,000 downloads.
Best Practices Analyzer includes SQL 2005 Upgrade Advisor, which will scan
SQL Server 2005 systems when they become available next year.

R. A. Hettinga <mailto: rah at>
The Internet Bearer Underwriting Corporation <>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list