Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
Log in  ::  Register  ::  Not logged in

A Fundamental Security Mistake

By Steve Jones,

Why doesn't the Express Edition of SQL Server allow for Transparent Data Encryption (TDE)?

If Microsoft is serious about helping clients secure data, this is one feature that should be deployed across all editions. I could even argue that it's more important to have this on Express than Enterprise. After all many of the data loss issues reported in recent years have come because of missing laptops, which often contain data from databases.

I realize that many people don't usually use Express to work with data, preferring another tool like Excel, but we could look to rectify that. We could store the data in an Express edition instance and set up queries against the local database from Excel. And in the places where Express is being used, this would instantly make the data on laptops more secure.

There have been many changes in the last few editions of SQL Server to try and make it more secure. Better coding, more secure defaults, and a number of changes to the engineering process to produce a more secure platform on which we can build applications. This is one more that could really improve database security.

I understand the desire to "upsell" the product and entice people to buy Workgroup edition instead of Express, to use Standard instead of Workgroup, Enterprise instead of Standard. I have nothing against Microsoft moving features around to try and entice people to spend more on their database software. I don't always agree with the features they move around, but for the most part it's splitting hairs about what makes sense for a particular class of customer.

When it comes to security, however, I think there ought to be a different set of standards. It's one thing if only Enterprise Edition allows certificates to log in. It's quite another when a fundamental security feature like TDE isn't available in the editions that would most benefit from it.

I don't know what the feature list will be like for SQL Server 2008 R2, but I certainly hope that TDE is moved to all editions, not just Enterprise Edition.

Steve Jones

The Voice of the DBA Podcasts

Everyday Jones

The podcast feeds are available at Comments are definitely appreciated and wanted, and you can get feeds from there.

You can also follow Steve Jones on Twitter:

Overall RSS Feed: or now on iTunes!

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at

I really appreciate and value feedback on the podcasts. Let us know what you like, don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.

Total article views: 167 | Views in the last 30 days: 1
Related Articles


A new video setup is on the way!!!! Actually I'll do a couple podcasts on podcasting over the hol...


Podcast Announcements

Podcast Feeds


Podcast Upgrades

A minor change for the podcasts next week. I got my wireless microphone, and I'm working with it a b...


SQL Server 2012 (“Denali”): New Security Features

SQL Server 2012 has many new security features, and three of the bigger new features are: Default Sc...



I'm working on getting a small studio set up for some podcasting of the editorials. That means I put...


Join the most active online SQL Server Community

SQL knowledge, delivered daily, free:

Email address:  

You make SSC a better place

As a member of SQLServerCentral, you get free access to loads of fresh content: thousands of articles and SQL scripts, a library of free eBooks, a weekly database news roundup, a great Q & A platform… And it’s our huge, buzzing community of SQL Server Professionals that makes it such a success.

Join us!

Steve Jones

Already a member? Jump in:

Email address:   Password:   Remember me: Forgotten your password?
Steve Jones