Transparent Data Encryption & a case study

Introduction

Today’s world is more concerned on security and sensitivity of data. As the data movement is so volatile in the IT industry, there is high risk of misusing the data source without any security measures. In recent days, IT organizations have been working together closely with in-house security team to make sure the security of data has been considered.
This whitepaper presents a native Encryption technique which has been introduced in SQL Server 2008 called – Transparent Data Encryption (TDE).Transparent Data Encryption allows the encryption of the entire database while providing real time encryption of mdf and ldf files. TDE also ensure encryption on any backups taken while the encryption is enabled. TDE is fairly a straightforward concept as Data is encrypted before it is written to disk and data is decrypted when it is read from disk as it is read into the memory. Hence, there are no special changes needs to be considered on the application code or database queries. This will help in preventing unauthorized access to the data and backup files. TDE will support only in Enterprise and Developer Editions of SQL Server.
TDE_Inage1

Please download the below whitepaper.
TransparentDataEncryption_Whitepaper

Summary Points

• Ensures Security of database at master files (mdf & ldf) and backup files.
• TDE does not increase the size of the encrypted database.
• Encrypts the Entire Database and no granular level of encryption possible.
• When one of the databases on an instance has been set for TDE, then, TEMPDB on that instance also get under the TDE enablement. This might have a performance issue on other databases as TEMPDB is common for that instance.
• The data and logs are encrypted and decrypted to memory real time and that can have performance impact.
• No protection for data in memory.
• FILESTREAM Data will not be encrypted though TDE is enabled.
• TDE does not provide encryption across communication Channels.

Advertisements