Solved

Encrypting data for storage in SQL server 2008

Posted on 2009-04-14
5
263 Views
Last Modified: 2012-05-06
We'd like to utilize the transparent encryption feature in SQL server 2008 however, we're so dissapointed in the fact that this feature is only available when using the enterprise edition of SQL server 2008 which is way too expensive for us to afford.

Are there any other viable alternatives such as SDKs or other third party programs that can help us encrypt a few fields in our database so that we can use standard edition and do encryption and hashing without using SQL server 2008 for this?
0
Comment
Question by:Ponthecomputer
  • 2
  • 2
5 Comments
 
LVL 75

Accepted Solution

by:
Anthony Perkins earned 500 total points
Comment Utility
You can encrypt columns using the Standard edition, however if you choose to encrypt a column, there is no point in indexing it.  So if you want to encrypt SSN or credit card number and need to search on it, you will have to resort to a table scan.  This in most shops is a show stopper and why TDE is used with Enterprise Edition is used instead.
0
 
LVL 22

Expert Comment

by:dportas
Comment Utility
TDE is not the same thing as encrypting a few columns. TDE is encryption for data "at rest" on the file system. An alternative to TDE is the Windows Encrypting File System, which is supported for SQL Server:

http://technet.microsoft.com/en-us/library/cc721923.aspx
0
 
LVL 21

Expert Comment

by:mastoo
Comment Utility
It depends what you are trying to protect against.  I just did some timings on TDE with BitLocker and it seemed to work well (given hardware TPM which is built in to most servers) though I haven't started using it yet.  TDE protects against someone grabbing the drives or the server and running out the door, but not against someone accessing the server while it is running.
0
 
LVL 75

Expert Comment

by:Anthony Perkins
Comment Utility
>>It depends what you are trying to protect against. <<
In many big shops, there is no real reason, other then the PTB have determined that encryption is the way to go and at the same they can barely spell the word, let alone have no clue as to implementation.

>>TDE protects against someone grabbing the drives or the server and running out the door, but not against someone accessing the server while it is running.<<
Very good point.

Unfortunately it appears that TDE is not in the author's budget.  So we probably need to suggest alternatives.
0
 
LVL 21

Expert Comment

by:mastoo
Comment Utility
Ah, I was confusing my acronyms and my answer would be for Full Disk Encryption that also happens to be TDE and  probably not what they are looking for.  But I liked the price - free with Windows Server 2008 and (most?) servers come with the hardware TPM built in.  I didn't realize my laptop has the same arrangement (via BitLocker in Vista Ultimate) until I was researching it for our servers.  It seems more useful on a laptop.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Use this article to create a batch file to backup a Microsoft SQL Server database to a Windows folder.  The folder can be on the local hard drive or on a network share.  This batch file will query the SQL server to get the current date & time and wi…
Ever needed a SQL 2008 Database replicated/mirrored/log shipped on another server but you can't take the downtime inflicted by initial snapshot or disconnect while T-logs are restored or mirror applied? You can use SQL Server Initialize from Backup…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now