Stairway Level 2 : Restore a Backup of a TDE Database to Another Server

In Level 1 of this Stairway, we discussed how to configure TDE in a user database using a Database Master Key and Certificate. In this level, we explain the steps for backing up and securing this certificate, as well as how to restore the database on another server instance. Backup the Certificate and Private Key […]

Transparent Data Encryption Using Certificates and EKM - Level 1 of the Stairway to TDE

Introduction Transparent Data Encryption (TDE) is one of the key security features available in SQL Server from SQL Server 2008 onwards. Using this feature, the ‘data at rest’ in the physical files for the database, are protected from unauthorized access if the files are copied, or the physical media is stolen. TDE is available with […]

Configure SQL Server Transparent Data Encryption with PowerShell

In this article Filip Holub looks at how to configure and enable transparent data encryption for a SQL Server database using PowerShell.

6 steps to a more secure SQL database

Security is often something people think about only after they have had a problem. Given that the average cost of a data breach is $3.92 million (SecurityIntelligence 2019) and ransomware attacks have increased 97% over the past 2 years (PhishMe 2019), the "if it's not broke, don't fix it" approach can clearly be catastrophic. Here […]

Transparent Data Encryption and Extensible Key Management – Better Together

Learn how you can secure your TDE environment by separating your key from the server using Extensible Key Management.

Key Rotation in TDE

Transparent Data Encryption (TDE) has been around for a long time. It first appeared in SQL Server 2008, and after a rocky start with some bugs, it has become a regularly used feature for many organizations. While not perfect, it does provide some protection and auditors like to see physical protection features being used. It's […]

How to Send a TDE Encrypted Backup to Someone Outside Your Organization

Once you enable your database to be encrypted with Transparent Data Encryption (TDE), the physical database files, and the database backups are encrypted. If your database and database backup are encrypted, then how can you send the encrypted backup to a person outside your organization?

What is the State of My Transparent Data Encrypted Database?

When using Transparent Data Encryption, you might wonder “What is the state of my transparent data encrypted database?” Read on to learn the many different states that a transparent data encrypted database might go through.

Rotating Certificates

How to Enable Transparent Data Encryption

By default, SQL Server does not encrypt data in a SQL Server database in an encrypted format. When SQL Server 2008 was introduced, Microsoft implemented Transparent Data Encryption (TDE). When TDE is enabled on a database SQL Server will encrypt the database as data is written to the disk.