Printed 2017/02/25 04:58AM

SQL Server Encryption - Protecting Files at Rest

By Steve Jones, 2009/05/25

You have a few options for protecting your SQL Server data at rest. So far I haven't seen anything thing protects data in memory, and I'm not sure we ever will. After all, at some point it needs to be processed, joined, etc., and that can't happen if it's well encrypted.

As I've been working through the encryption book I'm tech editing, I was thinking that Transparent Data Encryption (TDE) was the only native way to protect your data files. It had slipped me mind that there are two other Windows solutions, which will work with SQL Server.

The Encrypting File System (EFS) and Bitlocker are both part of Windows, an can be used to secure your data files at rest.

EFS requires that you take databases offline and then encrypt the files (or folders) before bringing them back online. Bitlocker will encrypt an entire volume on your Windows machine, and while you can still use Windows while it's working, it will be slow.

For SQL Server should you use these?

The answer is always it depends. Both of these will throw a hit on your system, and if that's a problem, you have to weight the issues of that against the protection you get. For a server or workstation, I'm not sure it's a big deal. For laptops I'd recommend Bitlocker as a solution since you really should protect all your files, not just SQL Server files.

I know many people might feel if they protect their data files they've covered the important things, but I'm not sure I agree. I've seen too many people cut and paste, export, or copy files for importing onto their machines.

And often this is the data you might really want to be sure is protected.

Copyright © 2002-2017 Redgate. All Rights Reserved. Privacy Policy. Terms of Use. Report Abuse.