IntroductionThe basic purpose of encryption feature ensures the confidentiality of any digital data stored on a system. Also, the data, which is transmitted through the internet or via network of another computer. Encryption brings data in such a state that it becomes very difficult to read or analyse it. It is not possible for a user to access the encrypted data without access to decryption key/password/certificates. In the following section we will learn what is transparent data encryption (TDE) in SQL Server, the method to enable TDE and also, its advantage and disadvantages.
What Is Transparent Data EncryptionSQL Server has various built-in technologies for data protection, and one of the most essential is Transparent Data Encryption. This feature is introduced in SQL Server 2008 and present in all the later versions for bulk encryption at the database file level, which includes logs, data and backup file. Moreover, to fulfil the demands of corporate data security standards, SQL Server provides the option to enable TDE on the database level or at column/cell level. This feature is completely transparent to your application. Users can even use file level encryption, which is provided by Windows for database files. In the following section we will discuss the method to enable Transparent Data Encryption along with the advantage and disadvantages of TDE.
How To Enable Transparent Data EncryptionThese are the mentioned steps you need to perform to enable TDE on a database. You can follow these steps only if, you have the permission to create a database master key and certificates in the master database and also, control permissions on the user database.
- Firstly, you need to create a master key: It is a very symmetrical to the key that is used to create certificates and also, asymmetric keys.
- Then, obtain or create a certificate protected by the master key: Certificates can be used for the encryption of data directly or to create symmetric keys to encrypt the database.
- Generate a key of database encryption for the protection by the certificate.
- Next, set the database to use encryption: Encryption, for tempdb data, is automatically enabled once you enable TDE on any of the user database. This results in the prevention of temporary objects (used by the user database) from leaking to disk unencrypted via tempdb database. System databases other than tempdb cannot currently be encrypted by using TDE.
It’s very essential to take backup of the keys and certificates. This restores the encrypted database on another instance of SQL Server after restoring the keys or certificates there.
Whenever you try to use a certificate without taking a backup of it, SQL Server gives a warning like this:
Pros And Cons Of Transparent Data EncryptionPros
- Quite simple to implement.
- No modification is needed for the application tier.
- Is invisible to the user.
- Works with high availability features, such as mirroring, AlwaysOn and log shipping.
- Overall database is encrypted not only the data, which is sensitive.
- There is a small performance impact.
- File Stream data is not encrypted.
- Data, which is in motion or held within the application is not encrypted