Little by little, Microsoft  is peeling away the layers of SQL Server 2005, the company’s forthcoming database server software. The Redmond, Wash., software giant unveiled new native security encryption and decryption support as well as government security certification.
Operating under the “Do More with Less” mantra at its TechEd 2004 conference in San Diego, Calif., Microsoft is touting more capabilities, reliability and security at less cost and complexity for the duration of the show.
Along those lines, Tom Rizzo, director of product management for SQL Server, said the company is writing complex encryption and decryption functionality directly into the product so customers don’t have to procure security features from a third party, or roll their own when the product becomes generally available next year.
The idea is to make the already successful product more attractive to customers, not only by making it more secure, but by saving users any time or labor associated with building complicated security software.
While rivals Oracle  and IBM 
 offer security features in their database software, Rizzo told internetnews.com they aren’t doing encryption and decryption and key management the way Microsoft plans to do it for SQL Server 205.
“Data encryption and decryption and key management is not for the faint of heart. This is the harder part of encryption and decryption that our competitors do not do,” Rizzo said. “So imagine the scenario where you want to have your data encrypted so that just in case someone breaks in, they can’t pull the data out.”
Rizzo said one of the catalysts for Microsoft adding the features to the forthcoming SQL Server 2005 is the increase of data privacy laws in the U.S. States such as California are calling for sensitive data to be protected like never before, which led the SQL Server team to turn to encryption/decryption features.
More broadly, Microsoft has taken its lumps from skeptics critical about its ability to secure products. Success in this area for its keystone database software could bolster the company’s tarnished reputation for offering safe products.
Along those lines, Rizzo said Microsoft will put SQL Server 2005 through the government’s Common Criteria certification, a stringent procedure for securing computer software developed by the National Security Administration.
Common Criteria, which covers auditing, security and Social Security documentation, is an important certification because enterprises want to be able to do business with government agencies, which won’t reciprocate unless certain standards of quality are met.
With the final release delayed along with Whidbey until early 2005, the second beta of SQL Server 2005 is due this summer, with a third beta following by the end of the year.
The third beta is expected to have advanced Data Transformation Services or extraction, transform and load integration features, that outdo anything ETL 
In related database news, Rizzo said Microsoft has finished the final version of SQL Server Best Practices Analyzer, a performance tool that employs a number of rules, or “best practices” while scanning SQL servers to help database administrators better maintain the product.
The software tool automatically scans design, implementation and backup strategies for DBAs. Rizzo said the November beta topped 40,000 downloads. Best Practices Analyzer includes SQL 2005 Upgrade Advisor, which will scan
SQL Server 2005 systems when they become available next year.


