Confidential VMs

Google is introducing encrypted virtual machines.

TDE BYOK and Geo-Replication in Azure SQL DB

Recently a customer asked me for help with setting up a test of an Azure SQL Database in the single database tier with Geo-Replication to work with Transparent Data Encryption (TDE) with a customer-managed key, also known as Bring Your Own Key (BYOK). It is very simple to do it when you use service-managed keys, […]

Stairway level 3 : Configure Extensible Key Management Using Azure Key Vault

In Level 1 of this Stairway series, we discussed how to configure TDE in a user database using a Database Master Key (DMK) and a certificate. Level 2 showed the steps to restore the backup of this database on another instance.  In this level, we will explain how to configure TDE in SQL Server with […]

Encryption Gets Broken All the Time

There are contests to break encryption algorithms taking place all the time. Another one was completed recently.

Mongodb Encryption

MongoDB adds encryption to protect data from the DBA.

Protecting the DMK

Encryption Libraries

There is an encryption library that Microsoft has released as open source.

Secure Enclave Concerns

A new security flaw in Intel SGX is found by researchers. This may or may not be a problem, but you should be aware.

Changing Algorithms

SQL Server Transparent Data Encryption vs. NetLib Encryptionizer

Between the legislation over the years (HIPAA, GLBA, GDPR, CCPA, etc.) and data breaches from large organizations that seem to pop-up in the news on a monthly basis, SQL Server database encryption is critical for our industry. SQL Server ships with a few options for a native encryption implementation (Column Level Encryption, Transparent Data Encryption, Data Masking, Always Encrypted), that all provide value in particular situations, but none of the options all seem to address all of the needs. What is the best way to encrypt our SQL Server data?