Grasshopper
Group: General Forum Members
Last Login: Wednesday, March 20, 2013 10:54 PM
Points: 10, Visits: 15
I thought it was a very good article :).
Just making the point, since I've read a number of articles about TDE, had tried it out (on my SQL Developer version, which has all features), and had recommended it to customers. It was somewhat embarrassing to learn that it wasn't available in the versions of SQL they use.
SSCertifiable
Group: General Forum Members
Last Login: Today @ 9:47 AM
Points: 5,201, Visits: 11,151
Yes, I can see that would be a little embarrassing. Please don't forget to rate the article if you found it useful.
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs"
Forum Newbie
Group: General Forum Members
Last Login: Tuesday, October 02, 2012 9:55 PM
Points: 2, Visits: 8
This is a good write up. A couple of comments:
1) Something to consider if you have more than a handful of databases and want to avoid key management headaches is a network Hardware Security Module (HSM) to secure and manage the keys. The network HSM manages the asymmetric key which is used to protect the symmetric key that is created when TDE is enabled for both SQL Server (and Oracle if you are using Oracle TDE).
2) The key in the Master database is not secure - there are known ways to extract this key if you have access to the system. This is a security hole and without an external key manager or HSM on the system SQL Server with TDE is technically not PCI compliant if that is critical to your regulatory needs. A network HSM allows you to avoid having to purchase a hardware HSM for each server to protect the key. On a side note, Vormetric Key Management manages TDE keys for both SQL Server and Oracle.
3) You mentioned some third party products. There are also products like Vormetric Encryption which provides file-level encryption for data outside of your user and tempdb tables along with associated files outside of the database. This can encrypt the Master Tables, System Tables, Log files and any other external content such as trace files that may contain sensitive data.
Cheers!
Todd
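The key hierarchy Todd describes, as an added T-SQL example that is not from this thread, from the article, or from any vendor's documentation. Part A is the default TDE setup, where the certificate protecting the database encryption key (DEK) has its private key in master under the database master key; part B re-protects the same DEK with an asymmetric key held in an external key manager through SQL Server's Extensible Key Management (EKM) interface, so the private half never sits in master; part C is the audit query a practitioner would run to see which of the two protects each database. The database name HrPayroll, the key, certificate, credential, login and provider names, the passwords, PINs and file paths are all constructed placeholders; the provider DLL and its identity/secret are whatever the HSM vendor supplies. The `encryptor_type` column used in part C exists from SQL Server 2012 on.

```sql
-- Added example, not code from the thread or from any product. All names,
-- passwords and paths below are placeholders to be replaced before use.

------------------------------------------------------------------------
-- A) Default TDE: DEK protected by a certificate whose private key lives in
--    master (itself protected by the database master key, DMK).
------------------------------------------------------------------------
USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<dmk-password-placeholder>';
CREATE CERTIFICATE TdeCert WITH SUBJECT = 'TDE certificate (placeholder)';
GO
USE HrPayroll;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeCert;
ALTER DATABASE HrPayroll SET ENCRYPTION ON;
GO
-- Back up the certificate and private key at once: without them the database
-- and every backup taken from now on cannot be restored on another instance.
USE master;
GO
BACKUP CERTIFICATE TdeCert TO FILE = 'D:\keys\TdeCert.cer'
    WITH PRIVATE KEY (FILE = 'D:\keys\TdeCert.pvk',
                      ENCRYPTION BY PASSWORD = '<pvk-password-placeholder>');
GO

------------------------------------------------------------------------
-- B) Move the DEK under an HSM/EKM-held asymmetric key. The private half of
--    TdeHsmKey stays in the key manager; SQL Server only calls out to it.
------------------------------------------------------------------------
EXEC sp_configure 'show advanced options', 1; RECONFIGURE;
EXEC sp_configure 'EKM provider enabled', 1;   RECONFIGURE;
GO
CREATE CRYPTOGRAPHIC PROVIDER MyHsmProvider
    FROM FILE = 'C:\Program Files\<vendor-placeholder>\EkmProvider.dll';
GO
-- Credential for the administrator running this script to reach the HSM
CREATE CREDENTIAL HsmAdminCred
    WITH IDENTITY = '<hsm-user-placeholder>', SECRET = '<hsm-pin-placeholder>'
    FOR CRYPTOGRAPHIC PROVIDER MyHsmProvider;
ALTER LOGIN [DOMAIN\dba_placeholder] ADD CREDENTIAL HsmAdminCred;
GO
CREATE ASYMMETRIC KEY TdeHsmKey
    FROM PROVIDER MyHsmProvider
    WITH ALGORITHM = RSA_2048,
         PROVIDER_KEY_NAME = 'sql_tde_key_placeholder',
         CREATION_DISPOSITION = CREATE_NEW;
GO
-- The engine needs its own credential, attached to a login derived from the
-- key, so it can open the DEK at startup with nobody logged in.
CREATE CREDENTIAL HsmEngineCred
    WITH IDENTITY = '<hsm-user-placeholder>', SECRET = '<hsm-pin-placeholder>'
    FOR CRYPTOGRAPHIC PROVIDER MyHsmProvider;
CREATE LOGIN TdeHsmLogin FROM ASYMMETRIC KEY TdeHsmKey;
ALTER LOGIN TdeHsmLogin ADD CREDENTIAL HsmEngineCred;
GO
USE HrPayroll;
GO
-- Re-wrap the existing DEK; the data itself is not re-encrypted.
ALTER DATABASE ENCRYPTION KEY ENCRYPTION BY SERVER ASYMMETRIC KEY TdeHsmKey;
GO

------------------------------------------------------------------------
-- C) Audit: for every database that has a DEK, what protects it?
--    'CERTIFICATE' with a row from master.sys.certificates means the key
--    material is in master; 'ASYMMETRIC KEY' with a provider_type means EKM.
------------------------------------------------------------------------
SELECT  DB_NAME(dek.database_id)     AS database_name,
        CASE dek.encryption_state
            WHEN 1 THEN 'unencrypted'  WHEN 2 THEN 'encrypting'
            WHEN 3 THEN 'encrypted'    WHEN 4 THEN 'key change in progress'
            WHEN 5 THEN 'decrypting'   WHEN 6 THEN 'protection change in progress'
            ELSE 'no DEK' END        AS tde_state,
        dek.encryptor_type,          -- 'CERTIFICATE' or 'ASYMMETRIC KEY'
        COALESCE(c.name, ak.name)    AS protector_name,
        ak.provider_type             AS ekm_provider_type  -- NULL unless EKM-backed
FROM    sys.dm_database_encryption_keys AS dek
LEFT JOIN master.sys.certificates    AS c  ON c.thumbprint  = dek.encryptor_thumbprint
LEFT JOIN master.sys.asymmetric_keys AS ak ON ak.thumbprint = dek.encryptor_thumbprint
ORDER BY database_name;
```

Parts A and B are meant to be run in order on one instance: B changes only the wrapping of the DEK, which is why it is quick, and after it the audit in C should show `ASYMMETRIC KEY` with a non-NULL provider type for HrPayroll. If C shows `CERTIFICATE` for a database, the protector's private key is in master and the question in Todd's second point applies to that database.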
SSCertifiable
Group: General Forum Members
Last Login: Today @ 9:47 AM
Points: 5,201, Visits: 11,151
Hi Todd, thanks for the comments. I totally agree: if you're serious about implementing TDE then an external key management service is a must.
The 3rd party products I referred to were backup products such as Litespeed or sqlbackup.
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs"
SSC Rookie
Group: General Forum Members
Last Login: Thursday, May 02, 2013 9:10 PM
Points: 26, Visits: 263
I understand TDE does not encrypt FileStream data. In SQL 2012, a new feature is FileTable, which is built upon FileStream technology. This implies that TDE does not support FileTable technology. I have not seen this mentioned specifically. Anyone have any info on this? Thanks.
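A check for the gap raised above, as an added T-SQL example that is not from this thread. TDE's documented scope is the data and log files, and FILESTREAM data is stored outside them as files in a FILESTREAM container; a FileTable requires a FILESTREAM filegroup, so its contents live in such a container too. The first query lists, instance-wide, every FILESTREAM container belonging to a database that has a database encryption key, together with that database's TDE state; the second, run inside one of those databases, lists the tables whose rows keep data in the container, flagging FileTables. HrPayroll is a constructed database name, and `is_filetable` exists from SQL Server 2012 on.

```sql
-- Added example, not code from the thread. HrPayroll is a placeholder name.

-- 1) Instance-wide: FILESTREAM containers in databases that have a DEK.
--    TDE covers the .mdf/.ndf/.ldf files; these directories are outside it.
SELECT  DB_NAME(mf.database_id)  AS database_name,
        mf.name                  AS logical_name,
        mf.physical_name         AS filestream_container,   -- a directory, not a data file
        CASE dek.encryption_state
            WHEN 3 THEN 'encrypted'   WHEN 2 THEN 'encrypting'
            WHEN 1 THEN 'unencrypted' ELSE 'in transition' END AS tde_state
FROM    sys.master_files                AS mf
JOIN    sys.dm_database_encryption_keys AS dek ON dek.database_id = mf.database_id
WHERE   mf.type_desc = 'FILESTREAM'
ORDER BY database_name, logical_name;

-- 2) Inside one such database: which tables put data in that container.
--    A FileTable is reported with is_filetable = 1; an ordinary table with a
--    FILESTREAM column is reported through that column.
USE HrPayroll;
GO
SELECT  SCHEMA_NAME(t.schema_id) AS schema_name,
        t.name                   AS table_name,
        t.is_filetable,                       -- 1 = FileTable (SQL Server 2012+)
        c.name                   AS filestream_column
FROM    sys.tables        AS t
LEFT JOIN sys.columns     AS c ON c.object_id = t.object_id AND c.is_filestream = 1
WHERE   t.is_filetable = 1 OR c.column_id IS NOT NULL
ORDER BY schema_name, table_name;
```

Any row returned by the second query is data that the `encrypted` state in the first query does not cover, which is the inventory needed before deciding on file-level encryption or access controls for the container directory.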