You are employed as a database administrator by a start-up company in Menlo Park, California. The company is developing a new payments system that is attracting a lot of attention from venture capitalists. Customers will be able to process credit card transactions remotely and transmit payment information over the internet to your data center. During the latest round of negotiations for funding, one of the potential backers announced that he or she would be conducting a due diligence assessment to ensure that the new payments system design has adequate security controls. This potential backer is particularly concerned about customer privacy issues, as this is a hot topic in California and elsewhere. Your manager, the Chief Technology Officer (CTO) of the firm, has asked you to make recommendations on several aspects of SQL Server database security. Please consider:
- Securing the client/server connections over the internet
- Authenticating users
- Encrypting sensitive information