Slated for release next year, SQL Server 2008 will introduce a number of new features that promise to help streamline and enrich auditing, compliance, and security challenges. "SQL Server 2008 will offer improvements in three primary areas that are of concern for organizations with compliance demands," says Microsoft Senior Product Manager Niraj Nagrani. "The first is a focus on enhancing the auditing experience: making every action auditable, allowing rich reports to be generated for auditing purposes, and providing a rich set of tools that provide the right level of auditing for different components." SQL Server 2008 will also support auditing via Data Definition Language (DDL).
Improved (and transparent) data encryption in SQL Server 2008 will allow "all data coming into and out of the database to be encrypted without any application modification," Nagrani says. The encrypted data will also be searchable using a variety of methods, including "fuzzy" search.
Finally, Narani explains that Microsoft is working to improve key encryption and is also working closely with RSA Security on encryption challenges. "In \[SQL Server\] 2005 we had key management, but we were limited to SQL Server keys native to the box. We're extending that capability even further in the next release by working with (and providing improved support for) third-party key vendors." That support also includes the ability to work with third-party Hardware Security Module (HSM) products, a capability not offered in SQL Server 2005.
Another improvement will be a revamped policy-based management feature, featuring the Declarative Management Framework (DMF). "DMF allows you to apply policy to behaviors that are observable by an event," says Comeau. "You can control or restrict users' access by using DMF, which enables forced compliance with defined company policies."