Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

We host a database for one of our applications on Microsoft SQL Azure. One of ou

ID: 658760 • Letter: W

Question

We host a database for one of our applications on Microsoft SQL Azure. One of our clients was dissatisfied with the fact that TDE is not supported on SQL Azure (and the database is otherwise not encrypted at rest). Their concerns were mostly along the following lines:

Data-center employees that have access to the VMs also have access to the database. We should use TDE to make sure that they can't get access to customer data from our database.

My reasoning is that if a data-center employee has administrator login access to the VM that hosts the SQL Server then they automatically gain access to the keys used for TDE. Which defeats the purpose of TDE in that case. The only real benefit to TDE would be for securing backups of the database.

Am I wrong in thinking so? And are there any alternatives to securing the whole database, relatively painlessly?

Explanation / Answer

No, your understanding of TDE is not wrong. A user with the appropriate permissions on the SQL Server instance can access the data in the database, and with SQL Azure, even if TDE were enabled, the DBAs in charge of the instance would certainly still have full access to the data.

What can you do? Well, you can encrypt the data in the application before you ever send it to the database. This creates a whole slew of additional constraints on how you query and use the data however, and is generally only appropriate in very limited use cases.

Ideally, you'd convince the client that this is an acceptable risk. The cloud providers business model is built around protecting their clients' data, not stealing it. It isn't in their best interest to abuse their position of trust in that way.

To me this sounds like its probably a search for a technical solution to a problem that doesn't need solving. I understand the concern, but in my opinion, the concern is out of proportion to the risk.

Related Questions

We have the survey data on the body mass index (BMI) of 646 young women. The mea
Question #3219647
We have the survey data on the body mass index (BMI) of 667 young women. The mea
Question #3182273
We have the two vectors A = 4 i - 3 j and B = -3 i +4 j . In answering the follo
Question #1726775
We have the unsorted array A[1...n]. Find the largest key in the unsorted portio
Question #670725
We have this ARMv7 program running on a Rasperry Pi, which is a little endian co
Question #2084842
We have this cylinder in our lab which contains 3g of oxygen and is fitted with
Question #700941
We have three boxes. Box I contains 1,000 components, 1 out of 8 of which are de
Question #3429714
We have three plasmids. The first is the cloning vector, pGEM. The second is the
Question #62139
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
We heat up 2.43 mol of some gas from 21.7 degrees C to 139.0 degrees C, holding
Next
We hypothesize the following relationship: On average, the number of arrests in

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.