
TDE and SQL Server Databases
Posted Friday, August 17, 2012 1:08 AM
Grasshopper

I thought it was a very good article :).

Just making the point, since I've read a number of articles about TDE, had tried it out (on my SQL Developer version, which has all features), and had recommended it to customers. It was somewhat embarrassing to learn that it wasn't available in the versions of SQL they use.
Post #1346359
Posted Friday, August 17, 2012 5:25 AM


SSCertifiable

Yes, I can see that would be a little embarrassing. Please don't forget to rate the article if you found it useful.

-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs"
Post #1346479
Posted Friday, August 17, 2012 11:43 AM
Forum Newbie

This is a good write up. A couple of comments:

1) Something to consider if you have more than a handful of databases and want to avoid key management headaches is a network Hardware Security Module (HSM) to secure and manage the keys. The network HSM manages the asymmetric key which is used to protect the symmetric key that is created when TDE is enabled for SQL Server (and Oracle, if you are using Oracle TDE).

2) The key in the Master database is not secure - there are known ways to extract this key if you have access to the system. This is a security hole, and without an external key manager or HSM on the system, SQL Server with TDE is technically not PCI compliant, if that is critical to your regulatory needs. A network HSM allows you to avoid having to purchase a hardware HSM for each server to protect the key. On a side note, Vormetric Key Management manages TDE keys for both SQL Server and Oracle.

3) You mentioned some third party products. There are also products like Vormetric Encryption which provides file-level encryption for data outside of your user and tempdb tables along with associated files outside of the database. This can encrypt the Master Tables, System Tables, Log files and any other external content such as trace files that may contain sensitive data.

Cheers!

Todd
Post #1346689
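
Added example, not part of the thread or of the original article: a T-SQL audit query for the concern raised in points 1 and 2 above. For each TDE-enabled database it reports whether the database encryption key is protected by a certificate stored in master or by an asymmetric key held by an EKM/HSM provider. It assumes VIEW SERVER STATE permission and uses only system catalog views and DMVs.

```sql
-- Added example: audit how each TDE database encryption key (DEK) is protected.
-- Edition matters: TDE is not available in every edition of SQL Server.
SELECT SERVERPROPERTY('Edition')        AS edition,
       SERVERPROPERTY('ProductVersion') AS product_version;

SELECT
    d.name                          AS database_name,
    dek.encryption_state,           -- 3 = encrypted, 2 = encryption in progress
    dek.key_algorithm,
    dek.key_length,
    CASE
        WHEN ak.name IS NOT NULL
             AND ak.provider_type = 'CRYPTOGRAPHIC PROVIDER'
            THEN 'Asymmetric key in EKM/HSM provider'
        WHEN ak.name IS NOT NULL
            THEN 'Asymmetric key stored in master'
        WHEN c.name IS NOT NULL
            THEN 'Certificate stored in master'
        ELSE 'No matching encryptor found in master'
    END                             AS dek_protector,
    COALESCE(ak.name, c.name)       AS protector_name,
    cp.name                         AS ekm_provider_name,
    c.pvt_key_encryption_type_desc  AS cert_private_key_protection,
    -- NULL here means the certificate's private key has never been backed up,
    -- so the database cannot be restored on another server if master is lost.
    c.pvt_key_last_backup_date      AS cert_private_key_last_backup
FROM sys.dm_database_encryption_keys AS dek
JOIN sys.databases AS d
    ON d.database_id = dek.database_id
LEFT JOIN master.sys.certificates AS c
    ON c.thumbprint = dek.encryptor_thumbprint
LEFT JOIN master.sys.asymmetric_keys AS ak
    ON ak.thumbprint = dek.encryptor_thumbprint
LEFT JOIN master.sys.cryptographic_providers AS cp
    ON cp.guid = ak.cryptographic_provider_guid
ORDER BY d.name;
```

Rows reporting a certificate stored in master are the configuration point 2 describes; tempdb appears in the output as soon as any database on the instance is encrypted.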
Posted Friday, August 17, 2012 4:32 PM


SSCertifiable

Hi Todd, thanks for the comments. I totally agree: if you're serious about implementing TDE then an external key management service is a must.

The 3rd party products I referred to were backup products such as Litespeed or sqlbackup.


-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs"
Post #1346782
Posted Wednesday, February 27, 2013 8:39 AM
SSC Rookie

I understand TDE does not encrypt FileStream data. In SQL 2012, a new feature is FileTable, which is built upon FileStream technology. This implies that TDE does not support FileTable technology. I have not seen this mentioned specifically. Anyone have any info on this? Thanks.
Post #1424571