One of the excellent features introduced in SQL Server 2016 is "Always Encrypted". It gives an extra layer of protection, as no one (including the production DBAs) will be able to access the actual data without having the appropriate key.

A high-level overview of how SQL Server 2016 Always Encrypted works:

1. Always Encrypted is a client-side encryption technology in which a SQL Server client driver (in our case, ADO.NET) plays the key role. The driver encrypts the data that the application sends as plaintext and then sends the encrypted data to SQL Server. So the data is encrypted on the fly as well as at rest.
2. When the application retrieves the encrypted data from the database, the driver transparently decrypts it and returns plaintext to the client app. Consequently, SQL Server never sees sensitive information in plaintext. The keys are managed entirely on the client side, and the server doesn't have access to them either.
3. Th...
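The client-driver flow described above, sketched as an added example (not code from the original post). The server, database, table and column names are hypothetical, and it assumes `dbo.Patients.SSN` is a `CHAR(11)` column encrypted with deterministic encryption whose column master key is reachable from the client machine.

```csharp
using System;
using System.Data;
using System.Data.SqlClient; // .NET Framework 4.6+; Microsoft.Data.SqlClient exposes the same API

class AlwaysEncryptedDemo
{
    static void Main()
    {
        // Hypothetical server and database names (assumptions, not from the post).
        var csb = new SqlConnectionStringBuilder
        {
            DataSource = "sqlserver.example.internal",
            InitialCatalog = "Clinic",
            IntegratedSecurity = true,
            // Tells the driver to encrypt parameters and decrypt result columns.
            ColumnEncryptionSetting = SqlConnectionColumnEncryptionSetting.Enabled
        };

        using (var conn = new SqlConnection(csb.ConnectionString))
        {
            conn.Open();

            // Values bound for an encrypted column must be parameters: the driver
            // can only encrypt SqlParameter values, never literals in the SQL text.
            // The parameter type and size must match the column definition.
            using (var insert = new SqlCommand(
                "INSERT INTO dbo.Patients (SSN, FirstName) VALUES (@ssn, @first)", conn))
            {
                insert.Parameters.Add("@ssn", SqlDbType.Char, 11).Value = "000-00-0000"; // constructed value
                insert.Parameters.Add("@first", SqlDbType.NVarChar, 50).Value = "Test";
                insert.ExecuteNonQuery(); // SQL Server receives ciphertext for @ssn
            }

            // Equality lookup works here because the column is assumed deterministic.
            using (var select = new SqlCommand(
                "SELECT SSN, FirstName FROM dbo.Patients WHERE SSN = @ssn", conn))
            {
                select.Parameters.Add("@ssn", SqlDbType.Char, 11).Value = "000-00-0000";
                using (var reader = select.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        // The driver has already decrypted SSN on the client.
                        Console.WriteLine("{0} {1}", reader.GetString(0), reader.GetString(1));
                    }
                }
            }
        }
    }
}
```

A connection opened without the column encryption setting gets the `SSN` column back as `varbinary` ciphertext, which is a quick way to confirm that plaintext never leaves the client.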