Stairway to SQL Server Security Level 9: Transparent Data Encryption

  • Don Kiely

    SSC Eights!

    Points: 849

    Comments posted to this topic are about the item Stairway to SQL Server Security Level 9: Transparent Data Encryption

  • Perry Whittle

    SSC Guru

    Points: 233794

    a further limitation of TDE is the effect on compression, this can be an issue for those who wish to use effective compression in their backups, Things have got better with SQL Server 2014 but not so in lower versions.

    It's far better to ensure your NTFS ACLs protect the files and that administrators on the Wiondows server are secured (i.e. not wide open)

    -----------------------------------------------------------------------------------------------------------

    [font="Tahoma"]"Ya can't make an omelette without breaking just a few eggs"[/font] 😉

  • Marsha

    SSC Eights!

    Points: 985

    I like the article. it comes at a good time for my group.

    I have one question.

    If the database is encrypted with TDE and the database is replicated to other servers without TDE.

    what would happen. would the tempdb on the other servers require TDE setup?

  • Don Kiely

    SSC Eights!

    Points: 849

    Thanks for the kind words! I'm glad you found it useful.

    My understanding is that TDE had no effect on replication. If you wanted to protect the data in the subscriber, you'd have to enable TDE there as well.

    But replication is not my area of expertise, so you'll want to verify this before relying on it!

    Don

  • epoillion

    SSC Rookie

    Points: 37

    Great series Don, very helpful. How do I access the sample code that accompanies this level? You mention that it contains code not shown on the page, but I'm not sure how to access it. Thanks!

  • Don Kiely

    SSC Eights!

    Points: 849

    epoillion (6/4/2015)


    Great series Don, very helpful. How do I access the sample code that accompanies this level? You mention that it contains code not shown on the page, but I'm not sure how to access it. Thanks!

    Hmm. It appears that the code file wasn't added as a resource when this article was published. I'll check with the Powers That Be to see about getting it added.

    Thanks for letting me know!

  • akljfhnlaflkj

    SSC Guru

    Points: 76202

    Great information, thank you.

  • Don Kiely

    SSC Eights!

    Points: 849

    The code file has finally appeared for the level. Thanks for your patience!

  • hiren.patel 911

    SSC Enthusiast

    Points: 174

    Awesome article Don, we all really appreciate it. One thing I stumble upon and not sure if its worth to mention in your article about TempDB encryption. So, I implemented TDE to one of my database and using your Progress query I was able to verify that, I actually did encrypt my database along with TempDB. Thing I saw was, when I turn the TDE OFF, I was able to see my database as Unencrypted, but the TempDB was still showing Encrypted. So, to try, I restarted my SQL Server Service, that took the Encryption Off of TempDB database, atleast I do not see if anymore Encrypted when I run the progress query.

    Thank you,

    Hiren

Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic. Login to reply