I would say it provides all the the basic tools you need to secure information in (and outside of) your database. What it doesn't have is a sophisticated key management mechanism, but there are third party key management systems out there.
Agreed, but my point was that secure database encryption is still in a transition process, and the jury is still out on whether it is the ideal solution at this point. For example this is an excerpt right from a MSDN Technical article on cryptography:
"It often seems that cryptography is employed to solve problems for which it is not really a solution. Even in circumstances appropriate to a cryptographic solution, it is not always the case that it should be deployed by means of the database engine.
When you tell your users that their data is cryptographically protected, you are implicitly assuring them that their data is protected against several kinds of threats. Cryptography is the world of the paranoid (see, for example, Bruce Schneier’s seminal book Applied Cryptography). If data really must be protected, build your systems while planning on a security audit by the most paranoid person you can imagine. It is rather easy to create an incomplete cryptographic solution
. If you plan to keep your data “a little bit secure,” it is better to not represent to your users that their data is protected at all.
Just because you need to cryptographically protect your data does not necessarily mean that the database engine is the best place to do it
, especially when scalability is a concern. Because cryptography is very CPU intensive, it may be wiser to limit the database to storing data and leave the cryptographic processing to upstream components
—like the middle tier—as these are easier to scale." :-D
"Technology is a weird thing. It brings you great gifts with one hand, and it stabs you in the back with the other. ...:-D"