How to protect a database from the Server Administrator in Sql Server

kosmik5 2017-12-06 07:28:17

Hi,

We have a requirement from a client to protect the database our application uses, even from their local administrators (Auditors just gave them that requirement).

In their requirement, protecting the data means that the Sql Server admin cannot read, nor modify sensitive data stored in tables.

We could do that with Encryption in Sql Server 2005, but that would interfere with our third party ORM, and it has other cons, like indexing, etc.

In Sql Server 2008 we could use TDE, but I understand that this solution doesn't protect against a user with Sql Server admin rights to query the database.

Is there any best practice or known solution to this problem?

This problem could be similar to the one of having an application hosted by a host provider, and you want to protect the data from the host admins.

We can use Sql Server 2005 or 2008.