Transparent data encryption: Difference between revisions

m Changed capitalization of first TDE expansion, consistent with title
'''Transparent data encryption''' (often abbreviated to '''TDE''') is a technology employed by [[Microsoft]], [[IBM]] and [[Oracle Corporation|Oracle]] to [[encryption|encrypt]] [[database]] files. TDE offers encryption at the file level. It enables the encryption of [[data at rest]], encrypting the database files on the hard drive and, consequently, on [[backup]] media. It does not protect [[data in transit]] or [[data in use]]. Enterprises typically employ TDE to address compliance requirements such as [[PCI DSS]], which mandate the protection of data at rest.
 
Microsoft offers TDE as part of its [[Microsoft SQL Server]] 2008, 2008 R2, 2012, 2014, 2016, 2017 and 2019.<ref>{{Cite news|url=https://info.townsendsecurity.com/sql-server-tde-vs-cell-level-encryption-a-brief-comparison|title=SQL Server TDE vs CLE|access-date=2017-06-02|language=en|archive-date=2018-10-19|archive-url=https://web.archive.org/web/20181019211909/https://info.townsendsecurity.com/sql-server-tde-vs-cell-level-encryption-a-brief-comparison|url-status=live}}</ref> TDE was supported only on the Evaluation, Developer, Enterprise and Datacenter editions of Microsoft SQL Server until it was also made available in the Standard edition with SQL Server 2019.<ref>[https://techcommunity.microsoft.com/t5/sql-server/sql-server-2019-standard-edition/ba-p/986121 "SQL Server 2019 Standard Edition"] ''Microsoft Tech Community''</ref> SQL Server TDE is supported by [[hardware security module]]s from Thales e-Security, Townsend Security and SafeNet, Inc.
 
IBM offers TDE as part of [[IBM Db2|Db2]] as of version 10.5 fixpack 5.<ref>{{Cite web|url=https://www.ibm.com/support/knowledgecenter/SSEPGG_10.5.0/com.ibm.db2.luw.wn.doc/doc/c0061179.html|title = Fix pack summary| website=[[IBM]] }}</ref> It is also enabled by default in the cloud versions of the product, Db2 on Cloud and Db2 Warehouse on Cloud.
== Microsoft SQL Server TDE ==
 
SQL Server utilizes an encryption hierarchy that enables databases to be shared within a cluster or migrated to other instances without re-encrypting them. The hierarchy consists of a combination of symmetric and asymmetric ciphers:<ref>[https://technet.microsoft.com/en-us/library/bb934049(v=sql.110).aspx "Transparent Data Encryption (TDE)"] {{Webarchive|url=https://web.archive.org/web/20160329054424/https://technet.microsoft.com/en-us/library/bb934049(v=sql.110).aspx |date=2016-03-29 }} ''Microsoft TechNet''</ref>
 
* Windows [[Data Protection API|Data Protection API (DPAPI)]] protects a single instance-wide Service Master Key (SMK).
During database backups, [[Data compression|compression]] occurs after encryption. Because strongly encrypted data cannot be significantly compressed, backups of TDE-encrypted databases require additional resources.
 
To enable automatic booting, SQL Server stores the lowest-level encryption keys in persistent storage (using the [[Data Protection API|DPAPI]] store). This presents a potential security issue because the stored keys can be recovered directly from a live system or from backups and used to decrypt the databases.<ref>Simon McAuliffe, [https://medium.com/@s.mcauliffe_17464/the-anatomy-and-in-security-of-microsoft-sql-server-transparent-data-encryption-tde-or-how-to-d164eb08564 "The Anatomy and (In)Security of Microsoft SQL Server Transparent Data Encryption (TDE)"] {{Webarchive|url=https://web.archive.org/web/20231110152114/https://medium.com/@s.mcauliffe_17464/the-anatomy-and-in-security-of-microsoft-sql-server-transparent-data-encryption-tde-or-how-to-d164eb08564 |date=2023-11-10 }}, 19-Mar-2016</ref>
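As an added example, not taken from the article or from Microsoft's documentation, the T-SQL below builds the SQL Server encryption hierarchy described above (DPAPI-protected service master key, database master key, certificate, database encryption key) and then checks the result. The database name ExampleDB, the certificate name TdeCert, the file paths and the passwords are placeholders; the certificate backup step is what makes an encrypted database restorable on another instance, and it is the part most often forgotten.

```sql
-- Added example (not from the article): building the SQL Server TDE
-- hierarchy. ExampleDB, TdeCert, paths and passwords are placeholders.
USE master;
GO

-- 1. Database master key (DMK) of master. It is encrypted by the given
--    password and, by default, also by the service master key (SMK),
--    which SQL Server keeps on disk under DPAPI protection.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-placeholder>';
GO

-- 2. Certificate whose private key will protect the database encryption key.
CREATE CERTIFICATE TdeCert WITH SUBJECT = 'TDE certificate (example)';
GO

-- 3. Back up the certificate and its private key right away and keep the
--    files and the password off the database server: a TDE-encrypted backup
--    of ExampleDB cannot be restored elsewhere without this certificate.
BACKUP CERTIFICATE TdeCert
    TO FILE = 'D:\keys\TdeCert.cer'
    WITH PRIVATE KEY (
        FILE = 'D:\keys\TdeCert.pvk',
        ENCRYPTION BY PASSWORD = '<strong-pvk-password-placeholder>');
GO

-- 4. Database encryption key (DEK): the symmetric key that actually
--    encrypts the data and log files, itself protected by the certificate.
USE ExampleDB;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeCert;
GO

-- 5. Turn encryption on; existing pages are encrypted by a background scan.
ALTER DATABASE ExampleDB SET ENCRYPTION ON;
GO

-- 6. Verify: encryption_state 2 = encryption in progress, 3 = encrypted.
SELECT DB_NAME(k.database_id) AS database_name,
       k.encryption_state,
       k.key_algorithm,
       k.key_length,
       k.percent_complete
FROM sys.dm_database_encryption_keys AS k;
GO
```

Because the SMK and DMK of a live instance remain on disk under DPAPI, this setup protects the database and backup files when they leave the server; it does not protect against an attacker who already has administrative access to the instance, which is the limitation the cited article describes.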
 
== See also ==
 
==External links==
* [https://www.easefilter.com/kb/transparent-file-encryption-filter-driver-sdk.htm EaseFilter Transparent File Encryption]
* [https://www.database-encryption.com/ Alternative 3rd party solution for all SQL Server Editions]
* [https://www.netlibsecurity.com/ Another alternative 3rd party solution for all SQL Server Editions]