• kilkenny (2/27/2012)


    My company has been getting a lot of requests from our clients to put into place more stringent security practices. I just received the word from our CIO that all Personal Information (PI) must be encrypted at rest across all our servers, which means we have to encrypt this data while it's in the database.

    My first inclination was to turn on TDE, but after reading several articles, I'm worried about losing performance. If we choose to encrypt at the column-level, it will require us to redesign some of the applications using these databases, which will probably be cost-prohibitive.

    Is there any advice out there from previous experiences regarding TDE that would help me decide the best path forward? I should say also that we are currently using SQL Server Standard Edition, and I realize that means we'll have to upgrade to Enterprise.

    Much appreciated!

    TDE does not encrypt objects in the database and prevent them from being viewed. Anybody with access to the server will be able to query the database and read data.

    TDE encrypts the files at rest and subsequently any backups.

    -----------------------------------------------------------------------------------------------------------

    "Ya can't make an omelette without breaking just a few eggs" 😉
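The distinction drawn in the reply above, as an added T-SQL example that is not from either poster: it enables TDE on a scratch database, confirms the files are encrypted, and shows that an ordinary query still returns plaintext. The database, table, certificate names, file paths and passwords are hypothetical placeholders.

```sql
-- Added example. All object names, paths and passwords are placeholders.
-- Requires an edition that supports TDE (the question mentions Enterprise).
USE master;
-- Skip this statement if master already has a database master key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-strong-password-1>';
CREATE CERTIFICATE TdeDemoCert WITH SUBJECT = 'TDE demo certificate';

-- Back up the certificate and private key immediately: without them the
-- database files and backups cannot be restored on another server.
BACKUP CERTIFICATE TdeDemoCert
    TO FILE = 'C:\keys\TdeDemoCert.cer'
    WITH PRIVATE KEY (FILE = 'C:\keys\TdeDemoCert.pvk',
                      ENCRYPTION BY PASSWORD = '<placeholder-strong-password-2>');
GO

CREATE DATABASE TdeDemo;
GO
USE TdeDemo;
CREATE TABLE dbo.Customer (CustomerId int PRIMARY KEY, FullName nvarchar(100), TaxId char(11));
INSERT INTO dbo.Customer VALUES (1, N'Constructed Sample', '000-00-0000');  -- constructed row

-- Turn TDE on: data file, log file and later backups are encrypted on disk.
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeDemoCert;
ALTER DATABASE TdeDemo SET ENCRYPTION ON;
GO

-- Check progress; encryption_state 2 means the scan is running, 3 means encrypted.
SELECT DB_NAME(database_id) AS database_name, encryption_state, percent_complete
FROM sys.dm_database_encryption_keys;

-- TDE is transparent to the engine: any login with SELECT permission still
-- reads the PI in clear text. Access control is a separate job (permissions,
-- or column-level encryption where the application holds the key).
SELECT CustomerId, FullName, TaxId FROM dbo.Customer;

-- What TDE does protect: this backup file, like the .mdf/.ldf files, is
-- unreadable on a server that does not have TdeDemoCert and its private key.
BACKUP DATABASE TdeDemo TO DISK = 'C:\backups\TdeDemo.bak';
```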