September 2, 2014 at 6:14 pm
Hi,
My company people are using TDE. They want to secure the data even they don't want the DBA can see the data. How can we achieve this? Any third party tools available for this?
September 3, 2014 at 1:17 am
TDE will only help if some stills the database's files or the database's backup files. The data is written to those files with encryption, but when it goes into the cache, it is decrypted. This won't stop anyone with permissions to read the data, from watching it decrypted.
If you don't want the DBA team to be able to read data on the server, then you'll have to encrypt it using a password that is not known to the DBA team. Have a look at this article - http://www.mssqltips.com/sqlservertip/2840/sql-server-encryption-to-block-dbas-data-access/. Notice that it comes with a price – you won't be able to use indexes on encrypted data, so you'll might have performance issues. Also if you already have an application that is working with the database, you'll have to modify the code.
Adi
--------------------------------------------------------------
To know how to ask questions and increase the chances of getting asnwers:
http://www.sqlservercentral.com/articles/Best+Practices/61537/
For better answers on performance questions, click on the following...
http://www.sqlservercentral.com/articles/SQLServerCentral/66909/
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply