Depending on the type of data I’m not sure that encryption is necessary providing you secure access to the system and the database itself. All of our production database servers are behind a firewall. Only systems that are on the administrative network are allowed access through the firewall and then only on specific, required ports. Database servers don’t host web servers.

Access to the database servers themselves is strictly limited to DBAs and platform support personnel. They use administrative logins, not their personal login ids. That way if their personal account is compromised the database servers aren’t.

For web servers only web admins and platform support have access (I happen to wear two hats, web developer and web admin, although that is rare in our organization).

Developers have access to shares where they can publish their application, usually coordinated with the web admin for any setup/configuration. Some senior developers are given administrator access to databases in order to create/modify schemas.

Usually, what happens is you develop using a locally installed database server, upload code to QA servers that have a little looser access policy, but are only accessible from company networks, then have the DBAs copy the database schema and roles to production and publish your app to the production web server.

Web apps are often configured to run under limited credential service accounts which have read/write, but not admin, access to the database. I typically encrypt any part of my web.config that contains connection information as well.

The general idea is to give enough access to get your job done without too much bother, but limit access to the minimum required.

Oh. And no ‘real’ data on development or QA servers.

[EDIT] We don’t keep SSNs or credit card numbers. If you do, you’ll need to be even more careful. Most of my apps do access logging, some are required to due to HIPPA, but I find that it is a good practice for just about anything meaningful