How to protect a database from the Server Administrator in Sql Server

Question

We have a requirement from a client to protect the database our application uses, even from their local administrators (Auditors just gave them that requirement).

In the

Answer 1

I might have salary information in my tables, and I don't want my trusted dba's to see. Faced with the same problem we have narrowed are options to:

1- Encrypt outside SQLServer, before inserts and updates and decrypt after selects. ie: Using .net encryption. Downside: You loose some indexing and searching capabilities, cannot use like and betweens.

2- Use third party tools (at io level) that block crud to the database unless a password is provided. ie: www.Blockkk.com Downside: You will need to trust a third party tool installed in your server. It might not keep up with SQL Server patches, etc...

3- Use an Auditing Solution that will keep track of selects, inserts, deletes, etc... And will notify (by email or event log)if violations occurred. A sample violation could be a dba running a select on your Salaries table. then fire the dba and change everyone salaries.