Encrypting data for storage in SQL server 2008

We'd like to utilize the transparent encryption feature in SQL server 2008 however, we're so dissapointed in the fact that this feature is only available when using the enterprise edition of SQL server 2008 which is way too expensive for us to afford.

Are there any other viable alternatives such as SDKs or other third party programs that can help us encrypt a few fields in our database so that we can use standard edition and do encryption and hashing without using SQL server 2008 for this?
LVL 1
PonthecomputerAsked:
Who is Participating?
 
Anthony PerkinsConnect With a Mentor Commented:
You can encrypt columns using the Standard edition, however if you choose to encrypt a column, there is no point in indexing it.  So if you want to encrypt SSN or credit card number and need to search on it, you will have to resort to a table scan.  This in most shops is a show stopper and why TDE is used with Enterprise Edition is used instead.
0
 
dportasCommented:
TDE is not the same thing as encrypting a few columns. TDE is encryption for data "at rest" on the file system. An alternative to TDE is the Windows Encrypting File System, which is supported for SQL Server:

http://technet.microsoft.com/en-us/library/cc721923.aspx
0
 
mastooCommented:
It depends what you are trying to protect against.  I just did some timings on TDE with BitLocker and it seemed to work well (given hardware TPM which is built in to most servers) though I haven't started using it yet.  TDE protects against someone grabbing the drives or the server and running out the door, but not against someone accessing the server while it is running.
0
 
Anthony PerkinsCommented:
>>It depends what you are trying to protect against. <<
In many big shops, there is no real reason, other then the PTB have determined that encryption is the way to go and at the same they can barely spell the word, let alone have no clue as to implementation.

>>TDE protects against someone grabbing the drives or the server and running out the door, but not against someone accessing the server while it is running.<<
Very good point.

Unfortunately it appears that TDE is not in the author's budget.  So we probably need to suggest alternatives.
0
 
mastooCommented:
Ah, I was confusing my acronyms and my answer would be for Full Disk Encryption that also happens to be TDE and  probably not what they are looking for.  But I liked the price - free with Windows Server 2008 and (most?) servers come with the hardware TPM built in.  I didn't realize my laptop has the same arrangement (via BitLocker in Vista Ultimate) until I was researching it for our servers.  It seems more useful on a laptop.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.