Encrypting data for storage in SQL server 2008

Posted on 2009-04-14
Last Modified: 2012-05-06
We'd like to utilize the transparent encryption feature in SQL server 2008 however, we're so dissapointed in the fact that this feature is only available when using the enterprise edition of SQL server 2008 which is way too expensive for us to afford.

Are there any other viable alternatives such as SDKs or other third party programs that can help us encrypt a few fields in our database so that we can use standard edition and do encryption and hashing without using SQL server 2008 for this?
Question by:Ponthecomputer
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 75

Accepted Solution

Anthony Perkins earned 500 total points
ID: 24143794
You can encrypt columns using the Standard edition, however if you choose to encrypt a column, there is no point in indexing it.  So if you want to encrypt SSN or credit card number and need to search on it, you will have to resort to a table scan.  This in most shops is a show stopper and why TDE is used with Enterprise Edition is used instead.
LVL 22

Expert Comment

ID: 24146163
TDE is not the same thing as encrypting a few columns. TDE is encryption for data "at rest" on the file system. An alternative to TDE is the Windows Encrypting File System, which is supported for SQL Server:
LVL 21

Expert Comment

ID: 24148128
It depends what you are trying to protect against.  I just did some timings on TDE with BitLocker and it seemed to work well (given hardware TPM which is built in to most servers) though I haven't started using it yet.  TDE protects against someone grabbing the drives or the server and running out the door, but not against someone accessing the server while it is running.
LVL 75

Expert Comment

by:Anthony Perkins
ID: 24150325
>>It depends what you are trying to protect against. <<
In many big shops, there is no real reason, other then the PTB have determined that encryption is the way to go and at the same they can barely spell the word, let alone have no clue as to implementation.

>>TDE protects against someone grabbing the drives or the server and running out the door, but not against someone accessing the server while it is running.<<
Very good point.

Unfortunately it appears that TDE is not in the author's budget.  So we probably need to suggest alternatives.
LVL 21

Expert Comment

ID: 24150498
Ah, I was confusing my acronyms and my answer would be for Full Disk Encryption that also happens to be TDE and  probably not what they are looking for.  But I liked the price - free with Windows Server 2008 and (most?) servers come with the hardware TPM built in.  I didn't realize my laptop has the same arrangement (via BitLocker in Vista Ultimate) until I was researching it for our servers.  It seems more useful on a laptop.

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is a little timesaver I have been using for setting up Microsoft Small Business Server (SBS) in the simplest possible way. It may not be appropriate for every customer. However, when you get a situation where the person who owns the server is i…
In this article we will get to know that how can we recover deleted data if it happens accidently. We really can recover deleted rows if we know the time when data is deleted by using the transaction log.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question