Post reply

Whole Disk Encryption and TDE

  • July 12, 2012 at 11:02 am

    #259458

    Security mgr wants to put PGP Whole Disk Encryption on all volumes of one of my SQL 2008 R2 boxes. The databases are already encrypted with TDE, but he worries that other data (text files, etc.) could be written to any of the drives. My feelings are that this will slow down an already taxed server, but I would like feedback from the masses. Let me hear your thoughts and/or experiences with doing something like this.

  • July 12, 2012 at 11:19 am

    #1512204

    His concern is that someone might be able to write to the drives? Not sure encryption will prevent writing to drives, rather permissions would prevent writing.

    ______________________________________________________________________________________________
    Forum posting etiquette.[/url] Get your answers faster.

  • July 12, 2012 at 11:44 am

    #1512221

    I fully agree with you, but due to politics we can't lock it down. Believe me when I say that I don't agree with that either, but it is what it is.

  • July 12, 2012 at 12:42 pm

    #1512250

    I haven't used disk encryption, but when you copy data to other device (flash drive etc...), it is no more secured. While TDE and/or file encryption provides that security.

    Definitely Disk encryption alongwith TDE will degrade the performance (without any additional advantage)

    To server both (DB + files) the purpose, I would keep database on different drive (with TDE) and leave that volume unencrypted. Rest of the drive can be encrypted if necessary.

  • July 13, 2012 at 2:32 am

    #1512406

    TheSQLGuy (7/12/2012)

    Security mgr wants to put PGP Whole Disk Encryption on all volumes of one of my SQL 2008 R2 boxes. The databases are already encrypted with TDE, but he worries that other data (text files, etc.) could be written to any of the drives. My feelings are that this will slow down an already taxed server, but I would like feedback from the masses. Let me hear your thoughts and/or experiences with doing something like this.

    if the manager is worried about people writing to the drive unnecessarily then you should review your NTFS folder\file permissions to stop this happening.

    -----------------------------------------------------------------------------------------------------------

    "Ya can't make an omelette without breaking just a few eggs" 😉

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply