• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 254
  • Last Modified:

SQL 2008 Encryption- application affect?

I'm needing to implement data encryption for some security requirements   We just got on with  SQL 2008, and I see quite a bit about its encryption capabilities (down to the row level..pretty cool).  I'm haven't been able to determine what effect doing so will have on existing applications that read/write to the tables I need to encrypt (e.g. credit cards).  

Does the encryption/decryption happen at the DB level, and no changes would need to be made to the application?

If changes would need made, what would they be?

Looking to understand this a bit better.  Any knowledge of the subject of encryption w/SQL 2008 in general is appreciated.

Thanks much
0
derdle
Asked:
derdle
  • 3
  • 2
1 Solution
 
dportasCommented:
It looks like you want TDE (Enterprise Edition only):
http://msdn.microsoft.com/en-us/library/bb934049.aspx
0
 
dportasCommented:
TDE happens at the database level and is completely transparent to applications.
0
 
derdleAuthor Commented:
Looks like TDE encrypts the entire DB.  Any option to pick and choose which tables (maybe even just columns) that get encrypted?  I didn't see it.  Would it not be preferred in terms of performance to only encrypt the data that requires it?   ...or is the overhead of TDE really not a concern?  Also, it looks like TDE is the only DB level / transparent option, would that be accurate?  ...just making sure I'm understanding the topic.

Thanks much for the help...
0
 
dportasCommented:
Microsoft have claimed that TDE is very fast because it happens asynchronously at the page level and as a background operation. I haven't tried it myself.

You can encrypt columns individually using the T-SQL encryption functions like EncryptByKey but that usually means application changes to deal with key management and so on. Which is best depends on what you are trying to achieve. If you just want to protect data "at rest" on disk or in backups then TDE is the simplest way.
0
 
derdleAuthor Commented:
TDE works great so far - thanks.  It does have to encrypt the entire DB, which concerns me moving forward as the DB grows, but so far, no sign of any slow downs.

Thanks!!
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now