We've been here with Steve Jones not long ago. I agree TDE would be a great feature to have on standard versions, but a lot of people remarked on how involved it is to set up, and how much it complicates restores. Realistically, I think TDE is probably overkill for most small-medium businesses.

Previously, the discussion was about how without TDE it is impossible to protect a database backup file. Anyone with admin privs on their local machine (ie. almost everyone who owns a computer) can restore the database and take command of it by reassigning all privs as they wish.

How about a less comprehensive encryption that's NOT end to end, but just encrypts the static MDF/LDF data and backup-file-contained data, but strongly with a serious AES-256 algorithm.

That would be a useful medium between the two protection options at present, which are (1) nothing, and (2) truly enterprise strength (and enterprise TCO)

How many small businesses do you know who change IT techs regularly and have trouble keeping track of their passwords, let alone encryption certificates.

Ben