In our electronic criminal law, customer-sensitive data must be encrypted at rest, and all admins working on servers and DBs must not be able to access this information in the clear.
Microsoft provides three methods to encrypt sensitive information:
1- TDE [Transparent Data Encryption].
2- Always Encrypted.
3- Always Encrypted with secure enclaves. Not supported on our platform.
TDE, per the documentation, encrypts data at rest [the files (mdf, ldf, bak) are encrypted], but once you have access to the instance you can see all data in cleartext.
Always Encrypted can encrypt data inside the instance to prevent authorized users from accessing data in cleartext unless they have the right certificates, which could be deployed on the IIS server or the development server, specifically in the Windows certificate store or the Azure vault.
Anyhow, by mixing both methods together, data is encrypted at rest and is encrypted for everyone who cannot access the master certificate.
In a given structure that is managed by many teams:
1- DBA
2- DB backup
3- Domain Admin
4- Local admin
Also in a two-tier system that uses two different servers, one for IIS and the other for the MS SQL server.
By applying the above-mentioned mixture, the admins of both machines can access the split password of Always Encrypted and then access the information.
My question:
How feasible is it to prevent those admins from accessing the info?
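To make the two layers concrete, here is an added T-SQL example (not from the post) that enables TDE on a database and then defines Always Encrypted keys whose column master key sits in Azure Key Vault rather than in a certificate store on either server. All names (CustomerDb, TDE_Cert, CMK_Customer, CEK_Customer, the vault URL) are hypothetical placeholders.

```sql
-- Added illustration, not from the post. Names and the vault URL are hypothetical.

-- 1) TDE: protects the mdf/ldf/bak files; anyone who can log in still reads cleartext.
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-placeholder>';
CREATE CERTIFICATE TDE_Cert WITH SUBJECT = 'TDE certificate for CustomerDb';
-- Back up TDE_Cert with its private key to a location the DBA/backup teams do not control.
USE CustomerDb;
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TDE_Cert;
ALTER DATABASE CustomerDb SET ENCRYPTION ON;

-- 2) Always Encrypted: the column master key lives outside both the SQL and IIS boxes.
-- With an Azure Key Vault key, the server only stores metadata (the URL below) and
-- the instance only ever stores and returns ciphertext for the protected columns.
CREATE COLUMN MASTER KEY CMK_Customer
WITH (
    KEY_STORE_PROVIDER_NAME = 'AZURE_KEY_VAULT',
    KEY_PATH = 'https://<vault-name>.vault.azure.net/keys/<key-name>/<key-version>'
);

-- The CEK value is the column key wrapped by the CMK. It is produced on a client
-- that holds CMK access (SSMS or the SqlServer PowerShell module), never on the
-- server; the 0x value below is a placeholder for that wrapped blob.
CREATE COLUMN ENCRYPTION KEY CEK_Customer
WITH VALUES (
    COLUMN_MASTER_KEY = CMK_Customer,
    ALGORITHM = 'RSA_OAEP',
    ENCRYPTED_VALUE = 0x0000 -- placeholder: replace with the wrapped key blob
);

CREATE TABLE dbo.Customer (
    CustomerId  INT IDENTITY PRIMARY KEY,
    -- DETERMINISTIC allows equality lookups but requires a BIN2 collation.
    NationalId  NVARCHAR(20) COLLATE Latin1_General_BIN2
        ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = CEK_Customer,
                        ENCRYPTION_TYPE = DETERMINISTIC,
                        ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256'),
    -- RANDOMIZED reveals nothing about equal values; no lookups on this column.
    Notes       NVARCHAR(400)
        ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = CEK_Customer,
                        ENCRYPTION_TYPE = RANDOMIZED,
                        ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256')
);

-- 3) Checks: TDE state (3 = encrypted) and which key stores the CMKs point to.
SELECT DB_NAME(database_id) AS db, encryption_state FROM sys.dm_database_encryption_keys;
SELECT name, key_store_provider_name, key_path FROM sys.column_master_keys;
```

The second check is the one to review for the admin-access concern: a key_path under a local certificate store means whoever administers that machine can reach the master key, while a vault path moves that decision to the vault's access policy.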