Encrypting SQL 2012

  • I need some assistance, please.

    Now that TDE has blown up in our faces with SQL 2012, we are being pushed to use "native SQL encryption" on our databases to ensure the data at rest is encrypted. This while we're in the middle of a migration to new servers.

    Does anyone know what "native SQL encryption" means that makes it different from TDE? I can't seem to find it on Google.

    Brandie Tarvin, MCITP Database AdministratorLiveJournal Blog: http://brandietarvin.livejournal.com/[/url]On LinkedIn!, Google+, and Twitter.Freelance Writer: ShadowrunLatchkeys: Nevermore, Latchkeys: The Bootleg War, and Latchkeys: Roscoes in the Night are now available on Nook and Kindle.

  • for me it would mean using TDE as this is encryption at rest for all I know - I would ask whoever requested it to ensure that is what they meant - and if not to explain what they meant by it

    hope they not talking about always encrypted - https://info.townsendsecurity.com/sql-server-always-encrypted-vs-transparent-data-encryption-tde and https://sqltutorialtips.blogspot.com/2017/11/always-encrypted-vs-transparent-data.html

  • I agree. TDE = encryption at rest. If SQL Server is not running, you can't make sense of the data looking at the file

    Always encrypted: encryption is specific to the application

  • They meant column-level encryption, perhaps? My head would explode if I had to do that on an entire database though.

    If you aren't happy single, you won't be happy in a relationship.

    Remember, happiness comes from guitars, not relationships.

  • I'm curious about what blew up with TDE?

    Michael L John
    If you assassinate a DBA, would you pull a trigger?
    To properly post on a forum:
    http://www.sqlservercentral.com/articles/61537/

  • I would assume this is TDE. That's the native encryption.

    If this is a response to regulation (PCI, SOX, etc.) , this really is what your auditor thinks. I would request a meeting with whatever group audits you and ask them

  • It took me a while to realize the person in question was conflating KMS with TDE. Because I pushed back on using TDE on our specific SQL 2012 environment, they returned with "well use native SQL encryption and maintain your own passwords."

    Thank you all for verifying the TDE thing. I appreciate the input.

    Brandie Tarvin, MCITP Database AdministratorLiveJournal Blog: http://brandietarvin.livejournal.com/[/url]On LinkedIn!, Google+, and Twitter.Freelance Writer: ShadowrunLatchkeys: Nevermore, Latchkeys: The Bootleg War, and Latchkeys: Roscoes in the Night are now available on Nook and Kindle.

  • Steve Jones - SSC Editor wrote:

    I would assume this is TDE. That's the native encryption.

    If this is a response to regulation (PCI, SOX, etc.) , this really is what your auditor thinks. I would request a meeting with whatever group audits you and ask them

     

    Just TDE would not be enough to meet requirements for PCI or other regulations so definitely get more clarification if that's the case.

Viewing 8 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic. Login to reply