Finding Sensitive Data in and Around Microsoft SQL Server

Home , Database transaction, Transaction log

Technical White Paper Finding Sensitive Data In and Around the Microsoft SQL Server Database

Finding Sensitive Data In and Around the Microsoft SQL Server Database

Vormetric, Inc. 888.267.3732 408.433.6000 [email protected] www.vormetric.com Technical White Paper Page | 1 Finding Sensitive Data In and Around the Microsoft SQL Server Database

Audience

This technical document is intended to provide insight into where sensitive data resides in and around a Microsoft® SQL Server® database for the Microsoft® Windows® operating system. The information and concepts in this document apply to all versions of SQL Server (2000, 2005, 2008, 2008 R2, 2012). It also assumes some knowledge of Vormetric’s data encryption and key management technology and its associated vocabulary.

Overview

At first blush, simply encrypting the database itself would be sufficient to secure data at rest in inside of the Microsoft SQL Server (SQL Server) database software running on Windows server platforms. However, enterprises storing sensitive data in a SQL Server database need to consider the locations around the database where sensitive data relating to SQL Server might reside, even outside the direct control of the Database Administrators (DBAs). For example, it is well within the realm of possibility that a SQL Server database could encounter an error that would cause it to send information containing sensitive data into a trace file or the alert log.

What follows is a description of the SQL Server database along with a table that includes a list of all types of files and sub- types, along with the function these files provide and why it makes sense to consider protecting these files. This material assumes sufficient understanding of SQL Server databases so that terms like “Transaction Logs”, “tablespaces” or “scripts” are understood.

Figure 1: Detailed List of Files Associated with a Microsoft SQL Server. Technical White Paper Page | 2 Finding Sensitive Data In and Around the Microsoft SQL Server Database

Type Sub-Type Function Why Protect This Data (if any)

In general, transaction logs contain information Transaction logs contain copies about every change made to the database. This of sensitive data. includes Data Manipulation Language (DML)

changes like INSERTs, UPDATEs or DELETEs, as well as Data Definition Language (DDL) or structural changes like table DROPs, CREATEs, Transaction ALTERs and so on. Logs Online Contains current database transaction. Sensitive data resides in the online transaction logs.

Archive When a transaction log fills or is closed, it is copied Sensitive data resides in the to the archive location. If a database recovery is archive transaction logs. required due to a database failure or other recovery operation, archive logs are used.

Master The database that records all of the system level This system can contain very information for a SQL Server system. sensitive security informa-

tion about your data in the user databases and should be protected.

Model The template for all databases that are created on This database does not typi- the instance of SQL Server. cally contain sensitive data that needs to be protected but can

also be encrypted without any impact to the system.

The database used by SQL Server Agent for sched- This database contains informa- msdb uling alerts and jobs, and for recording operators. tion on backup and restore and

msdb also contains history tables such as the may contain information such as backup and restore history tables. backup location. Not as critical as other system databases but System may also need to be encrypted. Databases A read-only database that contains copies of all Resource system objects that ship with SQL Server 2005 or later versions.

tempdb A workspace for holding temporary or intermediate Temporary data could poten- result sets. This database is re-created every time tially contain any data that is an instance of SQL Server is started. When the accessed in the user tables and server instance is shut down, any data in tempdb should be protected. is deleted permanently.

A database that exists only if the server is confi- The transactional replication Distribution gured as a replication distributor. This database will contain the same sensitive stores metadata and history data for all types of information that resides in the replication, and transactions for transactional user databases. replication.

Backups of a SQL Server Database are used for re- Backups of the SQL Server data- Backups covery purposes in the event of a database failure. base contain the same sensitive information that resides inside of the database.

Technical White Paper Page | 3 Finding Sensitive Data In and Around the Microsoft SQL Server Database

Sub-Type Why Protect This Data Type (if any) Function

SQL Server uses diagnostic logs to report Diagnostic Sensitive data can appear in diagnostic logs errors and users can use them to provide Logs when SQL Server is reporting an error. information about what the database is doing when retrieving their data.

Used to execute functions against the Passwords for database users in clear text database. Could be a one-time job or are sensitive information. Scripts repeating function. Scripts may contain passwords since connecting to the database requires a password.

Could be any kind of output resulting Reports from a SQL script or reporting tool out-

putted to a file (pdf, html page).

In general, they are files either in inter- nal-SQL Server format or other format that are used to load data into or extract data from a database If this unstructured data originates with the

production database it may contain sensitive Easily readable via both the conventional Conventional data. Export import program and any string search Exports/ command. Imports Extraction, Files can be in any of a variety of formats Transform & and are typically used to extract data Load (ETL) from a production database, transforming files the data to meet operational needs, and loading into the target system (a data warehouse or database).

Summary

When planning to secure sensitive data in a SQL Server database, enterprises need to consider that sensitive data directly related to the database may reside in unanticipated locations outside of the database itself. Robust data security includes considering how to secure sensitive data surrounding the SQL Server database and not simply focusing on sensitive data inside of the database.

About Vormetric

Vormetric is the leader in enterprise encryption and key management for physical, virtual and cloud environments. The Vormetric Data Security product line provides a single, manageable and scalable solution to manage any key and encrypt any file, any database, any application, anywhere it resides— without sacrificing application performance and avoiding key management complexity. For more information, please call: (888) 267-3732 or visit: www.vormetric.com.

Copyright © 2012 Vormetric, Inc. All rights reserved. Vormetric is a registered trademark of Vormetric, Inc. in the U.S.A. and certain other countries. All other trademarks or registered trademarks, product names, and company names or logos cited are the property of their respective owners.