PCI Compliance - resistance is futile.
The PCI Compliance talk at PTI’s Back to School event was given by Kyle Neier. He’s a very experienced database administrator and also a leader at IndyPASS. He’s a cool guy. Unfortunately his PCI expert didn’t make it. That was perfectly ok because I wanted to focus on the SQL Server 2008 R2’s feature called SQL Audit.
The good ole days? Seriously? Back before SQL Audit it was a pain in the rear to audit at the database level. Kyle went into this and reminded us all the pains of what we had to architect in the past decades. I remember them well, SQL Audit is much better than those old hacks.
I don’t have to be PCI compliant in my current function but HIPAA is similar in terms of SQL Server and SQL Audit. The things I took from this is that any column that contains PHI I could audit, if I used Enterprise or DataCenter edition of SQL. It’s on the list for SQL Azure features but only has 17 votes. If you think that Audit would be useful in your SQL Azure instances like I do. Go to the SQL Azure Feature Voting website and vote now.