Slated for release next year, SQL Server 2008 will introduce a number of new
features that promise to help streamline and enrich auditing, compliance, and
security challenges. "SQL Server 2008 will offer improvements in three primary
areas that are of concern for organizations with compliance demands," says Microsoft
Senior Product Manager Niraj Nagrani. "The first is a focus on enhancing the
auditing experience: making every action auditable, allowing rich reports to
be generated for auditing purposes, and providing a rich set of tools that provide
the right level of auditing for different components." SQL Server 2008 will
also support auditing via Data Definition Language (DDL).
Improved (and transparent) data encryption in SQL Server 2008 will allow "all
data coming into and out of the database to be encrypted without any application
modification," Nagrani says. The encrypted data will also be searchable using
a variety of methods, including "fuzzy" search.
Finally, Narani explains that Microsoft is working to improve key encryption
and is also working closely with RSA Security on encryption challenges. "In
[SQL Server] 2005 we had key management, but we were limited to SQL Server keys
native to the box. We're extending that capability even further in the next
release by working with (and providing improved support for) third-party key
vendors." That support also includes the ability to work with third-party Hardware
Security Module (HSM) products, a capability not offered in SQL Server 2005.
Another improvement will be a revamped policy-based management feature, featuring
the Declarative Management Framework (DMF). "DMF allows you to apply policy
to behaviors that are observable by an event," says Comeau. "You can control
or restrict users' access by using DMF, which enables forced compliance with
defined company policies."
End of Article
