SQL Server 2016 Security Enhancements

SQL Server 2016, available in preview, enhances security to match competitor products and remove barriers to using SQL Server in highly secure applications. The changes secure data at rest and in motion, automate data masking to hinder the exposure of sensitive data, and provide granular row-level controls to protect data in multitenant databases. The features are transparent to applications, which increases security and could help minimize the number of modifications required for applications to take advantage of them. However, applying some security features will have performance implications, and the enhancements may not be available in all editions of SQL Server.

Data Encrypted in Motion

Improved SQL Server encryption capabilities, called Always Encrypted, provide centralized organizational control of data encryption processes to protect data whether at rest or in motion. Always Encrypted enhances SQL Server’s existing transparent data encryption (TDE) for data at rest and extends it to data in transit. Always Encrypted can help organizations protect sensitive data from a variety of risks, including rogue administrators, backup thieves, and man-in-the-middle attacks where decrypted data is stolen by hackers while in transit. The improvements may also allow SQL Server to be used for applications with specific compliance requirements, such as financial transactions and intellectual property protection that could not be addressed in earlier versions.