Encrypting data for storage in SQL server 2008

Posted on 2009-04-14
Medium Priority
Last Modified: 2012-05-06
We'd like to utilize the transparent encryption feature in SQL server 2008 however, we're so dissapointed in the fact that this feature is only available when using the enterprise edition of SQL server 2008 which is way too expensive for us to afford.

Are there any other viable alternatives such as SDKs or other third party programs that can help us encrypt a few fields in our database so that we can use standard edition and do encryption and hashing without using SQL server 2008 for this?
Question by:Ponthecomputer
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 75

Accepted Solution

Anthony Perkins earned 2000 total points
ID: 24143794
You can encrypt columns using the Standard edition, however if you choose to encrypt a column, there is no point in indexing it.  So if you want to encrypt SSN or credit card number and need to search on it, you will have to resort to a table scan.  This in most shops is a show stopper and why TDE is used with Enterprise Edition is used instead.
LVL 22

Expert Comment

ID: 24146163
TDE is not the same thing as encrypting a few columns. TDE is encryption for data "at rest" on the file system. An alternative to TDE is the Windows Encrypting File System, which is supported for SQL Server:

LVL 21

Expert Comment

ID: 24148128
It depends what you are trying to protect against.  I just did some timings on TDE with BitLocker and it seemed to work well (given hardware TPM which is built in to most servers) though I haven't started using it yet.  TDE protects against someone grabbing the drives or the server and running out the door, but not against someone accessing the server while it is running.
LVL 75

Expert Comment

by:Anthony Perkins
ID: 24150325
>>It depends what you are trying to protect against. <<
In many big shops, there is no real reason, other then the PTB have determined that encryption is the way to go and at the same they can barely spell the word, let alone have no clue as to implementation.

>>TDE protects against someone grabbing the drives or the server and running out the door, but not against someone accessing the server while it is running.<<
Very good point.

Unfortunately it appears that TDE is not in the author's budget.  So we probably need to suggest alternatives.
LVL 21

Expert Comment

ID: 24150498
Ah, I was confusing my acronyms and my answer would be for Full Disk Encryption that also happens to be TDE and  probably not what they are looking for.  But I liked the price - free with Windows Server 2008 and (most?) servers come with the hardware TPM built in.  I didn't realize my laptop has the same arrangement (via BitLocker in Vista Ultimate) until I was researching it for our servers.  It seems more useful on a laptop.

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
In this article I will describe the Backup & Restore method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question