For all DBAs working in banks or other organizations that need to comply with PCI DSS, segregation of duties is something we always get asked about. To be honest I always found it a very hard implementation to be realized and it requires a change of the way we DBAs work. I’m glad that Microsoft came up with “Always Encrypted”. This new feature is will help organizations achieve segregation of duties without having to change the way we DBAs work. I will not rewrite all the information there is on Always Encrypted, instead I will provide you with some links that will give you a great explanation of what it is and how it works:
Have fun! I hope you the information is helpful to you. Please write me back if you have any questions about it. I will see how I can help.
P.S: I hope it will not be an Enterprise Edition feature.