SQL Server 2019 Security Enhancements

• SQL Server 2019 addresses shortcomings in Always Encrypted functionality.
• Other security features help identify sensitive data and prevent accidental exposure.

SQL Server 2019 (currently in preview) is expected to include new security features to help organizations protect sensitive data with minimal performance impact. However, the features come with dependencies and some features require Windows Server, and therefore are unable to work in SQL Server on Linux.

Always Encrypted Improvements

Always Encrypted functionality, introduced with SQL Server 2016, is the most secure and flexible encryption process available in SQL Server. It protects data at rest and in motion, only exposing the unencrypted data to the client-side application. It can be applied to individual columns, as compared to encrypting the entire database.

While extremely secure, Always Encrypted has some limitations. For example, the encrypted data can only be queried with equality comparisons: Complex queries that compare to numeric ranges or do pattern matching require moving all the data to the client application before the data can be filtered. Additionally, the initial database encryption process allows administrators momentary access to unencrypted data.