Always Encrypted Data Security and Competitive Advantage

As data becomes the center of digital business, your organization’s ability to secure data is crucial for compliance and confidentiality. But data security is so important that it can also be a competitive differentiator. Indeed, Forrester Research reports a focus on data security can help drive customer loyalty and retention, create opportunities for premium offers and new sources of revenue, and protect future revenue streams.

For example, suppose your data platform’s security technology can assure customers that their credit card transactions complete quickly at the point of sale. In addition, suppose your data platform allows you to protect customer data by means of encryption throughout that transaction. A data platform that includes built-in technology to encrypt the customer’s sensitive data within the database and during transaction-processing provides the foundation for customer satisfaction—and differentiates your organization from competitors that rely on less advanced data security.

Such assurance is built into the SQL Server 2016 data platform with Always Encrypted technology. (For details on the security built into the SQL Server platform, see “Always Encrypted in SQL Server & Azure SQL Database.”). And Always Encrypted capabilities are just one example of Microsoft’s innovative and comprehensive approach to security. Microsoft has made security a priority for more than a decade. As a result, according to the National Institute of Standards and Technology2 (NIST) public security board, SQL Server has the fewest security vulnerabilities when compared with the major database vendors. In addition, SQL Server has been deemed “the most secure database” by the Information Technology Industry Council (ITIC).

Besides devoting internal efforts to security, Microsoft works closely with customers and the SQL Server community to ensure that security is properly implemented. As noted by Douglas McDowell, SQL Server MVP and North America CEO, of consulting company SolidQ, “SQL Server continues to be one of the most secure database platforms. Microsoft increases SQL Server security with each release (check out Always Encrypted in SQL Server 2016). SQL Server security is all about the platform being secure by design and by default, running it under a hardened configuration, and then making sure best practice security processes and procedures are followed.”

This across-the-board focus on security contrasts with the position of other database vendors: Recall the news in August 2015 when Oracle’s chief security officer berated customers for performing their own security testing on Oracle software and demanded they stop. Although May Ann Davidson’s statements were later removed from her blog, her comments reveal a lack of understanding when it comes to security and customer needs.

As the Forrester study highlighted, excellent data security can help organizations compete. And if there is any doubt about how data professionals rate the importance of advanced security technology, consider the results of a recent independent study by King Research: More than 400 security professionals rated the importance of various criteria for selecting security products on a scale of 1 to 10. Respondents placed “Security Advantage by Using Superior Technology” at a very high 7.5 on that scale.

Microsoft recognizes that a commitment to security is a key criterion when you evaluate data platforms. SQL Server provides superior data platform security technology that can serve as the foundation for a comprehensive data security strategy to help your organization compete. Find out how to take advantage of that technology by attending the webinar, “Tackle the top five data challenges with SQL Server.” For a more detailed overview download the white paper on SQL Server 2016 mission-critical capabilities.


  1. The Future of Data Security And Privacy: Growth And Competitive Differentiation Vision: The Data Security And Privacy Playbook, John Kindervag, Heidi Shey, and Kelley Mak, Forrester, July 10, 2015
  2. National Institute of Standards and Technology Comprehensive Vulnerability Database update 10/2015
  3. Companies Lack Security Controls for Accessing Enterprise Applications, King Research