With the release of SQL Server 2008, Microsoft expanded the database engine’s security capabilities by adding Transparent Data Encryption (TDE), a built-in feature for encrypting data at rest. TDE protects the physical media that hold the data associated with a user database, including the data and log files and any backups or snapshots. Encrypting data at rest can help prevent those with malicious intent from being able to read the data should they manage to access the files.

SQL Server TDE takes an all-or-nothing approach to protecting data. When enabled, TDE encrypts all data in the database, as well as some outside the database. You cannot pick and choose like you can with column-level encryption. Even so, TDE is relatively easy to enable, once you’ve decided this is the path you want to travel. In this article, we look at how to implement TDE on a user database.

This article is the second in a series about SQL Server encryption. The first one (Encrypting SQL Server: Using an Encryption Hierarchy to Protect Column Data) covers column-level encryption. If you’re new to SQL Server encryption, you might want to review that article first. When I introduced you to column-level encryption, I discussed the encryption hierarchy and how SQL Server uses a series of keys and certificates to protect column data.