Transparent Data Encryption

  • Thanks for the question. Learned something new!

  • SQLRNNR (4/11/2012)


    I think we had a very similar question within the past few months.:cool:

    Yes, I believe so. A good question none the less.

  • another nice, straight forward question - cheers

  • Good Question. Learned something new.

  • Really easy -- thanks!

  • A good question, thanks.

    I can't agree with the comment in the explanation about protection for filestream data when the rest of the data is protected by TDE mandated by regulation. TDE is designed for media protection (someone steals your backup backups or even the hard discs containing the database and he still can't see the data unless he also manages to obtain your keys (or the certificate protecting the database key in the database boot record, if the media stolen includes the disc holding that record)). If regulation requires that sort of protection for particular data, then the regulations won't be satisfied by holding that data unencrypted but protected by operating system or database user access permissions, since those don't protect data on the physical media that the attacker is supposed to have obtained. Regulatory regimes are different for sifferent sorts of data in different places, but the correct reaction to the inapplicability of TDE to filestream data when regulations do require data security to be preserved when physical level media access is compromised is to find and use some other mechanism to encrypt that data (remembering that data used for recovery must be encrypted as well as the actual data, so dealing with logfiles will be a real pain); trying to work around it with some protection that plainly does not satisfy the regulations is not sensible.

    Tom

  • I quite like the fact the answer wasn't 'maybe' (a.k.a "it depends").

  • Good question. Thanks for submitting.

    http://brittcluff.blogspot.com/

  • Easy one..

    Thanks

Viewing 9 posts - 16 through 23 (of 23 total)

You must be logged in to reply to this topic. Login to reply