One thing: There is never a way to prevent encryption from being cracked. Period.
The iPhone thing is slightly overblown, as the FBI could theoretically copy all the flash RAM and then spend all their time running brute force attacks. This case is because they don't want to do this.
There are always brute force attacks, including in SQL Server.
If you use TDE (2008+), then if someone copies your Db files, they are encrypted, but could be brute forced. Hence, choose good passwords (so this takes longer) and protect them. The idea, however, is that the information in the db would not be valuable by the time things are brute forced.
If you use sym/asym encryption inside the db, there are similar risks, especially if you haven't layered this with TDE. However again, it takes time.
With Always Encrypted, the keys are on the client, which reduces the attack vector from DBAs/devs/sysadmins if you manage them correctly, but you increase it, as the certificates exist on other machines. Hopefully you can trust some clients, and they can't be social engineered.
RLS and DDM have nothing to do here with security. They're conveniences for developers, really.