The whole paradigm of security as currently envisioned is "not even wrong", the wonderful phrase by Dr. Pauli.
It should not be the job of company IT staff to design and implement security, to pile one pile of slop on top of another and hope there's enough crap to drown hackers.
The whole security issue needs to be redone, from the ground up. The companies who create OSes should be the ones creating solutions to the problems in their own code that let attackers through. It should be the database software creators that provide impenetrable security.
It should be, but it can't be. Because the way software has been designed has always had security as a poor cousin, tossed a few crumbs when the PTB deign to think about it.
The current approach is broken. TDE is worthless: it's a performance hog, guarding the keys introduces yet another point of attack, and it only reduces (not eliminates) another attack vector.
Layered security is a good thing, don't get me wrong, but expecting every Tom, Dick, and Harry end-user/IT staffer to be a security expert isn't just stupid, it's criminally negligent on the part of software vendors, as proven by the security apocalypse we find ourselves in.