Any data platform or database that stores sensitive information needs a robust infrastructure to control the data access in a secure manner. SQL Server 2008 R2 has inherited the 'secure-by-default' features (with several configurable features) in the areas such as platform (Operating System), architecture (32-bit and 64-bit), database objects (data layer), and application (connectivity).
In case the data is related to the financial services sector, then certain levels of criteria certification are essential for the verification of extensive security to access the layers of SQL Server, which is called Common Criteria Certification. The objective within Common Criteria Certification covers the evaluation of Information Technology (IT) products to improve security, availability, and efficiency. The various levels of security can be implemented on authentication, access privileges, database permissions, and data encryption.
The security architecture internals...