Stairway to SQL Server Security Level 9: Transparent Data Encryption

  • Comments posted to this topic are about the item Stairway to SQL Server Security Level 9: Transparent Data Encryption

  • a further limitation of TDE is the effect on compression, this can be an issue for those who wish to use effective compression in their backups, Things have got better with SQL Server 2014 but not so in lower versions.

    It's far better to ensure your NTFS ACLs protect the files and that administrators on the Wiondows server are secured (i.e. not wide open)

    -----------------------------------------------------------------------------------------------------------

    "Ya can't make an omelette without breaking just a few eggs" 😉

  • I like the article. it comes at a good time for my group.

    I have one question.

    If the database is encrypted with TDE and the database is replicated to other servers without TDE.

    what would happen. would the tempdb on the other servers require TDE setup?

  • Thanks for the kind words! I'm glad you found it useful.

    My understanding is that TDE had no effect on replication. If you wanted to protect the data in the subscriber, you'd have to enable TDE there as well.

    But replication is not my area of expertise, so you'll want to verify this before relying on it!

    Don

  • Great series Don, very helpful. How do I access the sample code that accompanies this level? You mention that it contains code not shown on the page, but I'm not sure how to access it. Thanks!

  • epoillion (6/4/2015)


    Great series Don, very helpful. How do I access the sample code that accompanies this level? You mention that it contains code not shown on the page, but I'm not sure how to access it. Thanks!

    Hmm. It appears that the code file wasn't added as a resource when this article was published. I'll check with the Powers That Be to see about getting it added.

    Thanks for letting me know!

  • Great information, thank you.

  • The code file has finally appeared for the level. Thanks for your patience!

  • Awesome article Don, we all really appreciate it. One thing I stumble upon and not sure if its worth to mention in your article about TempDB encryption. So, I implemented TDE to one of my database and using your Progress query I was able to verify that, I actually did encrypt my database along with TempDB. Thing I saw was, when I turn the TDE OFF, I was able to see my database as Unencrypted, but the TempDB was still showing Encrypted. So, to try, I restarted my SQL Server Service, that took the Encryption Off of TempDB database, atleast I do not see if anymore Encrypted when I run the progress query.

    Thank you,

    Hiren

Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic. Login to reply