Transparent data encryption: Difference between revisions

{{more footnotes|date=March 2015}}
'''Transparent Data Encryption''' (often abbreviated to '''TDE''') is a technology employed by both [[Microsoft]] and [[Oracle Corporation|Oracle]] to [[encryption|encrypt]] [[database]] files. TDE offers encryption at file level. TDE solves the problem of protecting [[data at rest]], encrypting databases both on the hard drive and consequently on [[backup]] media. It does not protect [[data in transit]] nor [[data in use]]. Enterprises typically employ TDE to solve compliance issues such as [[PCI DSS]] which require the protection of data at rest.
 
Microsoft offers TDE as part of its [[Microsoft SQL Server]] 2008, 2008 R2, 2012 and 2014, and in 2016 when released.{{cn}} TDE is only supported on the Evaluation, Developer, Enterprise and Datacenter editions of Microsoft SQL Server. SQL TDE is supported by [[Hardware Security Module]]s from Thales e-Security, Townsend Security and SafeNet, Inc.
 
Oracle requires the [[Oracle Advanced Security]] option for Oracle 10g and 11g to enable TDE.{{cn}} Oracle TDE addresses encryption requirements associated with public and private privacy and security mandates such as PCI and [[California]] [[SB 1386]]. Oracle Advanced Security TDE column encryption was introduced in Oracle Database 10g Release 2. Oracle Advanced Security TDE tablespace encryption and support for [[Hardware Security Module]]s (HSMs) were introduced with Oracle Database 11gR1. Keys for TDE can be stored in an HSM to manage keys across servers, protect keys with hardware, and introduce a separation of duties.
 
The same key is used to encrypt columns in a table, regardless of the number of columns to be encrypted. These encryption keys are encrypted using the database server master key and are stored in a dictionary table in the database.
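
The two-level key arrangement described above, sketched for Oracle TDE column encryption in 10g Release 2 / 11g syntax. This is an added example, not part of the original article; the table name, column names and wallet password are placeholders, and a wallet location is assumed to be configured in sqlnet.ora already.

```sql
-- Create (or rotate) the TDE master key. It is held in the wallet or HSM,
-- outside the database. Rotating it re-wraps the per-table keys only;
-- the encrypted column data itself is not rewritten.
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "wallet_password_placeholder";

-- Confirm the wallet is open before creating or reading encrypted columns.
SELECT wrl_type, status FROM v$encryption_wallet;

-- Two encrypted columns in one table. Both are protected by the same
-- table key, which is why they carry the same algorithm.
CREATE TABLE payments (
    payment_id   NUMBER PRIMARY KEY,
    card_number  VARCHAR2(19)  ENCRYPT USING 'AES256',
    card_holder  VARCHAR2(100) ENCRYPT USING 'AES256',
    amount       NUMBER(10,2)            -- left unencrypted
);

-- Audit which columns are encrypted, and with what settings.
-- An auditor would run this against DBA_ENCRYPTED_COLUMNS for all schemas.
SELECT table_name, column_name, encryption_alg, salt
FROM   user_encrypted_columns
WHERE  table_name = 'PAYMENTS';

-- Rotate the table key. Unlike a master key rotation, this re-encrypts
-- every encrypted column value in the table, so it is the expensive one.
ALTER TABLE payments REKEY USING 'AES256';
```

Because the table keys are stored in the database wrapped by the master key, a backup of the data files is only recoverable together with the wallet or HSM that holds that master key, so the two should be backed up and access-controlled separately.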