Why doesn't the Express Edition of SQL Server allow for Transparent Data Encryption (TDE)?
If Microsoft is serious about helping clients secure data, this is one feature that should be deployed across all editions. I could even argue that it's more important to have this on Express than Enterprise. After all many of the data loss issues reported in recent years have come because of missing laptops, which often contain data from databases.
I realize that many people don't usually use Express to work with data, preferring another tool like Excel, but we could look to rectify that. We could store the data in an Express edition instance and set up queries against the local database from Excel. And in the places where Express is being used, this would instantly make the data on laptops more secure.
There have been many changes in the last few editions of SQL Server to try and make it more secure. Better coding, more secure defaults, and a number of changes to the engineering process to produce a more secure platform on which we can build applications. This is one more that could really improve database security.
I understand the desire to "upsell" the product and entice people to buy Workgroup edition instead of Express, to use Standard instead of Workgroup, Enterprise instead of Standard. I have nothing against Microsoft moving features around to try and entice people to spend more on their database software. I don't always agree with the features they move around, but for the most part it's splitting hairs about what makes sense for a particular class of customer.
When it comes to security, however, I think there ought to be a different set of standards. It's one thing if only Enterprise Edition allows certificates to log in. It's quite another when a fundamental security feature like TDE isn't available in the editions that would most benefit from it.
I don't know what the feature list will be like for SQL Server 2008 R2, but I certainly hope that TDE is moved to all editions, not just Enterprise Edition.
The Voice of the DBA Podcasts
The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there.
You can also follow Steve Jones on Twitter:
Overall RSS Feed:
or now on iTunes!
Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.
I really appreciate and value feedback on the podcasts. Let us know what you like, don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.