Monday, March 31, 2008

Database Encryption in SQL Server 2008 Enterprise Edition

This diagram seems to confirm my thoughts that TDE adds layers of complexity that may keep infrastructure people in a job for years to come...


Actually, TDE implementation is a 6-step process, so this diagram could be a bit misleading.  Perhaps the wavy arrows are turning this diagram into one of those hypnotizing optical illusions...

Summary: With the introduction of transparent data encryption (TDE) in SQL Server 2008, users now have the choice between cell-level encryption as in SQL Server 2005, full database-level encryption by using TDE, or the file-level encryption options provided by Windows. TDE is the optimal choice for bulk encryption to meet regulatory compliance or corporate data security standards. TDE works at the file level, which is similar to two Windows® features: the Encrypting File System (EFS) and BitLocker™ Drive Encryption, the new volume-level encryption introduced in Windows Vista®, both of which also encrypt data on the hard drive. TDE does not replace cell-level encryption, EFS, or BitLocker. This white paper compares TDE with these other encryption methods for application developers and database administrators. While this is not a technical, in-depth review of TDE, technical implementations are explored and familiarity with concepts such as virtual log files and the buffer pool is assumed. The user is assumed to be familiar with cell-level encryption and cryptography in general. Implementing database encryption is covered, but not the rationale for encrypting a database.
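The TDE enablement sequence the post refers to, followed by the cell-level contrast drawn in the summary, as an added T-SQL example (it is not code from the blog post or from the Microsoft white paper). Everything named in it is a placeholder: the database SalesDb, the certificates TdeServerCert and ColumnCert, the symmetric key CardNumberKey, the table dbo.Payments, the passwords and the C:\secure file paths. It assumes SQL Server 2008 Enterprise Edition (TDE is an Enterprise feature) and a login with CONTROL SERVER permission.

```sql
-- Added example, not from the blog post or the white paper.
-- All names, passwords and paths are placeholders.

-- 1. Database master key in master, protected by a password.
USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-password-1>';
GO

-- 2. Server certificate that will protect the database encryption key.
CREATE CERTIFICATE TdeServerCert
    WITH SUBJECT = 'TDE certificate for SalesDb';
GO

-- 3. Back up the certificate and its private key right away. Without this
--    backup, the encrypted database and every backup taken of it cannot be
--    restored on another instance.
BACKUP CERTIFICATE TdeServerCert
    TO FILE = 'C:\secure\TdeServerCert.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\secure\TdeServerCert.pvk',
        ENCRYPTION BY PASSWORD = '<placeholder-password-2>');
GO

-- 4. Database encryption key (DEK) inside the user database, protected by
--    the server certificate.
USE SalesDb;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeServerCert;
GO

-- 5. Switch encryption on. A background scan encrypts the data and log
--    files; no query or application code changes, which is what
--    "transparent" means here.
ALTER DATABASE SalesDb SET ENCRYPTION ON;
GO

-- 6. Verify. encryption_state 2 = encryption in progress, 3 = encrypted.
--    tempdb appears too: once any database is encrypted, tempdb is as well.
SELECT DB_NAME(database_id) AS database_name,
       encryption_state,
       percent_complete,
       key_algorithm,
       key_length
FROM sys.dm_database_encryption_keys;
GO

-- Contrast: cell-level encryption (the SQL Server 2005 approach) is not
-- transparent. The application must call ENCRYPTBYKEY / DECRYPTBYKEY per
-- column, and the ciphertext is a varbinary that cannot be indexed or
-- compared directly. It also needs its own key hierarchy in the user database.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-password-3>';
CREATE CERTIFICATE ColumnCert WITH SUBJECT = 'Protects the cell-level key';
CREATE SYMMETRIC KEY CardNumberKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE ColumnCert;
GO

CREATE TABLE dbo.Payments (
    PaymentId     int IDENTITY PRIMARY KEY,
    CardNumberEnc varbinary(256) NOT NULL);
GO

-- The key must be opened explicitly in the session before use.
OPEN SYMMETRIC KEY CardNumberKey DECRYPTION BY CERTIFICATE ColumnCert;

-- Constructed test value, not real card data.
INSERT INTO dbo.Payments (CardNumberEnc)
VALUES (ENCRYPTBYKEY(KEY_GUID('CardNumberKey'), N'4111111111111111'));

-- Reading the column back requires a decrypt call in the query itself.
SELECT PaymentId,
       CONVERT(nvarchar(32), DECRYPTBYKEY(CardNumberEnc)) AS CardNumber
FROM dbo.Payments;

CLOSE SYMMETRIC KEY CardNumberKey;
GO
```

The verification query in step 6 is the check to run after enabling TDE: the encryption scan on a large database takes time, and a restore or detach attempted while encryption_state is still 2 behaves differently from one taken at state 3. The certificate backup in step 3 is the step most often skipped and the one that turns a disk-loss scenario into a data-loss scenario, since a TDE-encrypted backup is useless on any instance that does not hold that certificate.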

Database Encryption in SQL Server 2008 Enterprise Edition
