Encrypting SQL 2012

Question

Encrypting SQL 2012

Brandie Tarvin

SSC Guru

Points: 172994
More actions
October 22, 2021 at 8:37 am

#3943159

I need some assistance, please.
Now that TDE has blown up in our faces with SQL 2012, we are being pushed to use "native SQL encryption" on our databases to ensure the data at rest is encrypted. This while we're in the middle of a migration to new servers.
Does anyone know what "native SQL encryption" means that makes it different from TDE? I can't seem to find it on Google.
Brandie Tarvin, MCITP Database AdministratorLiveJournal Blog: http://brandietarvin.livejournal.com/[/url]On LinkedIn!, Google+, and Twitter.Freelance Writer: ShadowrunLatchkeys: Nevermore, Latchkeys: The Bootleg War, and Latchkeys: Roscoes in the Night are now available on Nook and Kindle.

Viewing 8 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic. Login to reply

frederico_fonseca SSCoach Points: 16017 More actions · Answer 1

for me it would mean using TDE as this is encryption at rest for all I know - I would ask whoever requested it to ensure that is what they meant - and if not to explain what they meant by it

hope they not talking about always encrypted - https://info.townsendsecurity.com/sql-server-always-encrypted-vs-transparent-data-encryption-tde and https://sqltutorialtips.blogspot.com/2017/11/always-encrypted-vs-transparent-data.html

This reply was modified 2 years, 6 months ago by frederico_fonseca.
This reply was modified 2 years, 6 months ago by frederico_fonseca.

Jo Pattyn SSC-Dedicated Points: 32070 More actions · Answer 2

I agree. TDE = encryption at rest. If SQL Server is not running, you can't make sense of the data looking at the file

Always encrypted: encryption is specific to the application

Phil Parkin SSC Guru Points: 246695 More actions · Answer 3

They meant column-level encryption, perhaps? My head would explode if I had to do that on an entire database though.

If you haven't even tried to resolve your issue, please don't expect the hard-working volunteers here to waste their time providing links to answers which you could easily have found yourself.

Michael L John One Orange Chip Points: 27038 More actions · Answer 4

I'm curious about what blew up with TDE?

Michael L John
If you assassinate a DBA, would you pull a trigger?
To properly post on a forum:
http://www.sqlservercentral.com/articles/61537/

Steve Jones - SSC Editor SSC Guru Points: 734449 More actions · Answer 5

I would assume this is TDE. That's the native encryption.

If this is a response to regulation (PCI, SOX, etc.) , this really is what your auditor thinks. I would request a meeting with whatever group audits you and ask them

Brandie Tarvin SSC Guru Points: 172994 More actions · Answer 6

It took me a while to realize the person in question was conflating KMS with TDE. Because I pushed back on using TDE on our specific SQL 2012 environment, they returned with "well use native SQL encryption and maintain your own passwords."

Thank you all for verifying the TDE thing. I appreciate the input.

Brandie Tarvin, MCITP Database AdministratorLiveJournal Blog: http://brandietarvin.livejournal.com/[/url]On LinkedIn!, Google+, and Twitter.Freelance Writer: ShadowrunLatchkeys: Nevermore, Latchkeys: The Bootleg War, and Latchkeys: Roscoes in the Night are now available on Nook and Kindle.

ZZartin SSC-Dedicated Points: 30894 More actions · Answer 7

Steve Jones - SSC Editor wrote:

I would assume this is TDE. That's the native encryption.
If this is a response to regulation (PCI, SOX, etc.) , this really is what your auditor thinks. I would request a meeting with whatever group audits you and ask them

Just TDE would not be enough to meet requirements for PCI or other regulations so definitely get more clarification if that's the case.