Hi all,

I am in the process of helping a client to select another company to replace my app - so I can semi-retire. I am being asked to help with questions re data security. I am going to try to keep this short so maybe you can tell me how you would approach it. I am trying to come up with an appropriate list of questions for this other company. They are probably going to recommend either SQL server or MariaDB for the backend.

One other bit of background: current app uses VFP native tables, not SQL. Have improved the security of the data by doing column level encryption (my code tieing into .Net functions). Document associated with this application are NOT encrypted but the company would really like this (one of the reasons they started to look at other databases).

To put the company's goals very simply:
- they would obviously like better control over access to the database
- if there were a data breach and someone exfiltrated the database files at the OS level or performed queries to try to pull down data, they would like:
- the sensitive columnar data to be encrypted (as it is now) and the documents to be encrypted
- obviously they would prefer that the data not be exfiltrated but maybe even limited (the MariaDB has a "database firewall" where you can limit the types of queries)

If you were giving a high level overview of the security setup for a new client, what would you list as the things "you need to do"?

Okay, as always, I have typed too much....and p.s., I know I have asked this a couple years back but times have changed - SQL 2019 has new encryption features for example.

Albert