OakLeaf Systems: Seven Security Risks the SQL Server Data Services Team Must Mitigate for Enterprise Users

Monday, July 07, 2008

Seven Security Risks the SQL Server Data Services Team Must Mitigate for Enterprise Users

Network World’s Gartner: Seven cloud-computing security risks article of July 2, 2008 carries this lead:

Cloud computing is fraught with security risks, according to analyst firm Gartner. Smart customers will ask tough questions, and consider getting a security assessment from a neutral third party before committing to a cloud vendor, Gartner says in a June report titled “Assessing the Security Risks of Cloud Computing.”

Although the article cites Amazon EC2 and the Google App Engine as examples of cloud computing, the following seven security issues are even more important for data-centric services such as SQL Server Data Services (SSDS):

Privileged user access
Regulatory compliance
Data location
Data segregation
Recovery
Investigative support
Long-term viability

The fact that Microsoft is operating the service probably satisfies long-term viability concerns, although Microsoft has announced that its Live Expo online classifieds database will go dark on July 31, 2008. And the SSDS team has stated that an Authority can specify the data center at which its Containers of Entities are stored. However, promotional material mentions “security features” repeatedly but doesn’t describe what these features are. The team needs to provide potential SSDS users with early insight into how SSDS plans to mitigate the remaining five security issues.

The article’s detailed synopsis of the US$195 report is well worth a read.