Link to home
Start Free TrialLog in
Avatar of Ponthecomputer
Ponthecomputer

asked on

Encrypting data for storage in SQL server 2008

We'd like to utilize the transparent encryption feature in SQL server 2008 however, we're so dissapointed in the fact that this feature is only available when using the enterprise edition of SQL server 2008 which is way too expensive for us to afford.

Are there any other viable alternatives such as SDKs or other third party programs that can help us encrypt a few fields in our database so that we can use standard edition and do encryption and hashing without using SQL server 2008 for this?
ASKER CERTIFIED SOLUTION
Avatar of Anthony Perkins
Anthony Perkins
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of dportas
dportas

TDE is not the same thing as encrypting a few columns. TDE is encryption for data "at rest" on the file system. An alternative to TDE is the Windows Encrypting File System, which is supported for SQL Server:

http://technet.microsoft.com/en-us/library/cc721923.aspx
It depends what you are trying to protect against.  I just did some timings on TDE with BitLocker and it seemed to work well (given hardware TPM which is built in to most servers) though I haven't started using it yet.  TDE protects against someone grabbing the drives or the server and running out the door, but not against someone accessing the server while it is running.
>>It depends what you are trying to protect against. <<
In many big shops, there is no real reason, other then the PTB have determined that encryption is the way to go and at the same they can barely spell the word, let alone have no clue as to implementation.

>>TDE protects against someone grabbing the drives or the server and running out the door, but not against someone accessing the server while it is running.<<
Very good point.

Unfortunately it appears that TDE is not in the author's budget.  So we probably need to suggest alternatives.
Ah, I was confusing my acronyms and my answer would be for Full Disk Encryption that also happens to be TDE and  probably not what they are looking for.  But I liked the price - free with Windows Server 2008 and (most?) servers come with the hardware TPM built in.  I didn't realize my laptop has the same arrangement (via BitLocker in Vista Ultimate) until I was researching it for our servers.  It seems more useful on a laptop.