Post reply

SQL Server 2016 Standard Edition - help

  • March 26, 2018 at 10:48 am

    #1984563

    WC_Admin - Monday, March 26, 2018 10:34 AM

    Perry Whittle - Monday, March 26, 2018 9:37 AM

    confirm you have understood that even with SP1 applied, the tsql you are using creates a database master key and not a column master key?

    Understood. Some guides can be confusing. I spoke with my Information Assurance Managers and we weren't supposed to have the Standard version anyway. So I'll have to upgrade to the Enterprise version, then constinue with TDE since the database master key is already there.

    Ensure the create master key cmd is run in the context of the master database

    -----------------------------------------------------------------------------------------------------------

    "Ya can't make an omelette without breaking just a few eggs" 😉

  • March 26, 2018 at 2:25 pm

    #1984591

    WC_Admin - Monday, March 26, 2018 10:34 AM

    Understood. Some guides can be confusing. I spoke with my Information Assurance Managers and we weren't supposed to have the Standard version anyway. So I'll have to upgrade to the Enterprise version, then constinue with TDE since the database master key is already there.

    Why TDE over Always Encrypted? I don't really see the point of choosing a less secure option

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass

  • March 27, 2018 at 12:04 am

    #1984614

    Hi 

    Do take note of the Always Encrypted Limitations

    https://blogs.sentryone.com/aaronbertrand/t-sql-tuesday-69-always-encrypted-limitations/

  • March 27, 2018 at 6:43 am

    #1984642

    GilaMonster - Monday, March 26, 2018 2:25 PM

    WC_Admin - Monday, March 26, 2018 10:34 AM

    Understood. Some guides can be confusing. I spoke with my Information Assurance Managers and we weren't supposed to have the Standard version anyway. So I'll have to upgrade to the Enterprise version, then constinue with TDE since the database master key is already there.

    Why TDE over Always Encrypted? I don't really see the point of choosing a less secure option

    And they both do very different things!

    -----------------------------------------------------------------------------------------------------------

    "Ya can't make an omelette without breaking just a few eggs" 😉

  • June 7, 2018 at 8:43 am

    #1993231

    I wasn't sure to create a new post or continue with this one, but its still the same topic so here it goes. The reason I need to encrypt a database is to satisfy a STIG:

    Vuln ID: V-79205
    Rule ID: SV-93911r1_rule         
    STIG ID: SQL6-D0-009500

    I followed the instructions and executed the query in the STIG to find the database is un-encrypted. The STIG does give the option of saying Full Disk Encryption will satisfy the STIG requirement. So I'm kinda stuck on what type of encryption is best to use for my situation. Full Disk? AE? Or another type of encryption?

    My Server has been updated to:
    SQL Server 2016 Standard SP2 - version 13.0.5026.0
    Windows Server 2012 R2 Standard 6.3

    Or should I updated to the Enterprise version before even considering doing any type of encryption?

    Thanks.

Viewing 5 posts - 16 through 19 (of 19 total)

You must be logged in to reply to this topic. Login to reply