Security is always important to data folks and when a new feature like Always Encrypted comes along, it gets your attention. In this episode, we discuss this feature introduced in SQL Server 2016. We are joined by our guest Sam Nasr and he shares an overview and we find it may not cover all the scenarios you might think when you hear the name. Our discussion leads to scenarios in both on-premises and cloud solutions. Joined by Kevin Feasel and Eugene Meidinger, this episode will allow you to be a bit more prepared when you hear someone say all your problems will be solved with Always Encrypted.
Blog by Kasper on BI: Use Always Encrypted data with SSAS and Power BI
“There’s no security that’s completely foolproof. There’s always some penetration holes, there’s always someone that needs to be the master of the keys.”
“You have Always Encrypted available to you and it just makes life a lot easier, and the ability to encrypt data without going through a lot of work.”
“It is not the be-all-end-all, it’s just yet one additional hurdle we can put between us and malicious hackers.”
“No one’s going to want to take on extra responsibility, typically it has to come from the top and they have to mandate it.”
Listen to Learn
01:24 Compañero Shout-Outs
01:54 SQL Trail
02:43 SQL Server in the News will start picking back up soon
03:10 Intro to the guest and topic
05:42 What exactly is the purpose of Always Encrypted?
08:30 Applications need access to the data
09:37 Why Always Encrypted, when there are algorithms out there that I can use?
12:49 The deterministic and randomized settings
15:25 Sam’s recommendation on when to use Always Encrypted
16:38 Always Encrypted is on by default in Azure?
17:38 Request for input from listeners who are managing keys on-premises
20:47 What if you’re using a third-party hardware security module?
21:27 A ‘gotcha’ with Always Encrypted and a compare/contrast of TDE and AE
24:48 How responsibilities with Always Encrypted should be shared
26:03 Last thoughts on Always Encrypted
28:04 SQL Family Questions
33:58 Closing Thoughts
Sam Nasr has been a software developer since 1995, focusing mostly on Microsoft technologies. He’s a Sr. Software Engineer with NIS Technologies where he consults and teaches clients about the latest .Net technologies. Sam has achieved multiple certifications from Microsoft (MCSA, MCAD, MCTS, MCT), and is the leader of the Cleveland C#/VB.Net User Group since 2003. In addition, he’s the leader of the .Net Study Group, Azure Cleveland User Group, an author for Visual Studio Magazine, and a 5x Microsoft MVP. When not coding, Sam loves spending time with his family and friends or volunteering at his local church.
Meet the Hosts
With more than 10 years of working with SQL Server, Carlos helps businesses ensure their SQL Server environments meet their users’ expectations. He can provide insights on performance, migrations, and disaster recovery. He is also active in the SQL Server community and regularly speaks at user group meetings and conferences. He helps support the free database monitoring tool found at databasehealth.com and provides training through SQL Trail events.
Eugene works as an independent BI consultant and Pluralsight author, specializing in Power BI and the Azure Data Platform. He has been working with data for over 8 years and speaks regularly at user groups and conferences. He also helps run the GroupBy online conference.
Kevin is a Microsoft Data Platform MVP and proprietor of Catallaxy Services, LLC, where he specializes in T-SQL development, machine learning, and pulling rabbits out of hats on demand. He is the lead contributor to Curated SQL, president of the Triangle Area SQL Server Users Group, and author of the books PolyBase Revealed (Apress, 2020) and Finding Ghosts in Your Data: Anomaly Detection Techniques with Examples in Python (Apress, 2022). A resident of Durham, North Carolina, he can be found cycling the trails along the triangle whenever the weather's nice enough.