May 7, 2018 at 2:15 am
Hi,
The EU is going to apply tight data protection to personal information stored in databases.
What is the best approach/method to have just some fields encrypted in the database (not the entire table) so if the database is "stolen" no one can access the data?
Use TDE, Certificates and keys, have the code encrypt the data?
Thanks,
Pedro
May 7, 2018 at 11:33 am
There's no real "best". The way that different auditors or authorities might examine your architecture will vary.
TDE gives you encryption at rest, and lots of auditors like this. Anyone with credentials can access data, but lost files or backups are protected. This is a minimal bar, but it does mean that you've done something. At the very least, backup encryption is needed.
Always Encrypted is good, but lots of limitations. Easy to get into a place here that limits or impacts performance. This is better encryption, and again, fairly transparent for apps, but not necessarily for workflow, so keep that in mind.
Column level is great, but lots of code/app changes. This isn't much different than using .NET to encrypt data. However, when you do this, you also need to manage certs/keys, which is challenging.
I think TDE is what you want to do at a minimum and then learn more about the ways the other items work.
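The column-level option discussed in the reply above, shown as an added T-SQL example that is not part of the original thread. It illustrates both the code changes on the write and read paths and the key management the reply mentions. The database, table, key and certificate names, the file paths and the password placeholders are assumptions.

```sql
-- Added example; all object names, paths and passwords are hypothetical placeholders.
USE SampleDb;
GO

-- Key hierarchy: database master key -> certificate -> symmetric key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<master-key-password-placeholder>';
CREATE CERTIFICATE PiiCert WITH SUBJECT = 'Protects the PII column key';
CREATE SYMMETRIC KEY PiiKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE PiiCert;
GO

-- Only the sensitive field is stored as ciphertext (VARBINARY);
-- the rest of the table stays in plain text.
CREATE TABLE dbo.Customer (
    CustomerId    INT IDENTITY PRIMARY KEY,
    FullName      NVARCHAR(100) NOT NULL,
    NationalIdEnc VARBINARY(256) NULL
);
GO

-- Write path: the key must be opened in the session before encrypting.
OPEN SYMMETRIC KEY PiiKey DECRYPTION BY CERTIFICATE PiiCert;

INSERT INTO dbo.Customer (FullName, NationalIdEnc)
VALUES (N'Test Person',                                    -- constructed sample row
        ENCRYPTBYKEY(KEY_GUID('PiiKey'), N'123456789'));

-- Read path: DECRYPTBYKEY returns NULL if the key is not open,
-- so every query touching the column has to change.
SELECT CustomerId,
       FullName,
       CONVERT(NVARCHAR(50), DECRYPTBYKEY(NationalIdEnc)) AS NationalId
FROM dbo.Customer;

CLOSE SYMMETRIC KEY PiiKey;
GO

-- Key management: without a backup of the certificate and its private key,
-- the encrypted column cannot be recovered after a rebuild or migration.
BACKUP CERTIFICATE PiiCert
    TO FILE = 'C:\keys\PiiCert.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\keys\PiiCert.pvk',
        ENCRYPTION BY PASSWORD = '<backup-password-placeholder>');
GO
```

Store the certificate backup and its password separately from the database backups, and restrict permissions on the certificate and key so that only the accounts that need the plain text can open them.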