Database vs Application Level Encryption

  • I am in the middle of a project that is going to require us to use encryption for the first time to secure some sensitive data. I am having trouble finding articles/blogs/etc illustrating the pros and cons of using database encryption vs. application encryption.

    I guess with my limited knowledge (still in the process of reading a number of documents) it almost seems as though application level encryption would be more secure because the data would still be secured if the database server was compromised.

    Any info is much appreciated.

    Thanks,

    Sam

  • A lot depends on your requirements. If you have to satisfy PCI then the requirements are different. Your architecture can make a big difference as well. I don't see the question as simple as DB vs. App..

    CEWII

  • This will depend as Elliott has said. Compliance you are seeking will have an impact on which encryption you use. It is not uncommon to employ both database and application encryption.

    Jason...AKA CirqueDeSQLeil
    _______________________________________________
    I have given a name to my pain...MCM SQL Server, MVP
    SQL RNNR
    Posting Performance Based Questions - Gail Shaw[/url]
    Learn Extended Events

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply