Introducing Data Encryption

Data encryption is the process of transforming information so that it becomes unreadable. The data is unreadable to anyone except those who hold a special key to decrypt it. Without the key, the data is impossible to unscramble.

Symmetric encryption uses one key to both encrypt and decrypt the sensitive data in the database.

Because the same key both encrypts and decrypts the messages, symmetric encryption is considered riskier: the single key must be shared with every party that needs to read the data. This may not be a problem when the data is encrypted and decrypted entirely inside SQL Server.

Asymmetric encryption is considered more secure because the decryption key does not need to be known in order to encrypt. This type of encryption uses two keys: a private key that is paired with a second, public key. In other words, if I encrypt some data using my public key and you hold my private key, then you can decrypt the data.
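The following T-SQL script is an added example (not from the book) that shows both forms of encryption described above inside SQL Server: a symmetric key that both encrypts and decrypts a column value, and an asymmetric key pair whose public half encrypts and private half decrypts. The database name `EncDemo`, the object names, the sample SSN and the password are constructed placeholders.

```sql
USE EncDemo;   -- assumed scratch database, not part of the book
GO

-- The database master key protects the private keys of certificates
-- and asymmetric keys created in this database.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-placeholder-password>';
GO

-- Symmetric: one key encrypts and decrypts, so anyone who can OPEN it
-- can read the data. The key itself is protected by a certificate.
CREATE CERTIFICATE DemoCert WITH SUBJECT = 'Protects the symmetric key';
CREATE SYMMETRIC KEY DemoSymKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE DemoCert;
GO

-- Table holding the encrypted value as a binary blob (constructed schema)
CREATE TABLE dbo.Customer
(
    CustomerId int IDENTITY PRIMARY KEY,
    SSN_Enc    varbinary(256)
);
GO

-- Encrypt on INSERT, decrypt on SELECT; the key must be open in the session
OPEN SYMMETRIC KEY DemoSymKey DECRYPTION BY CERTIFICATE DemoCert;

INSERT dbo.Customer (SSN_Enc)
VALUES (EncryptByKey(Key_GUID('DemoSymKey'), N'123-45-6789'));  -- constructed sample value

SELECT CustomerId,
       CONVERT(nvarchar(20), DecryptByKey(SSN_Enc)) AS SSN_Clear
FROM dbo.Customer;

CLOSE SYMMETRIC KEY DemoSymKey;
GO

-- Asymmetric: encrypt with the public half, decrypt with the private half.
-- Suitable for small payloads such as a session key, not for bulk data.
CREATE ASYMMETRIC KEY DemoAsymKey WITH ALGORITHM = RSA_2048;
GO

DECLARE @cipher varbinary(256) =
    EncryptByAsymKey(AsymKey_ID('DemoAsymKey'), N'123-45-6789');

SELECT CONVERT(nvarchar(20),
               DecryptByAsymKey(AsymKey_ID('DemoAsymKey'), @cipher)) AS SSN_Clear;
GO
```

Once the symmetric key is closed, `DecryptByKey` returns NULL rather than the clear text, which is the check to run when verifying that a session without access to the certificate cannot read the column.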

Transparent Data Encryption (TDE) is a special kind of encryption that uses a symmetric key. It encrypts the entire database with a symmetric key called the database encryption key. The database encryption key is in turn protected by another key: either a certificate that is protected by the database master key, or an asymmetric key stored in an Extensible Key Management (EKM) module. TDE protects the data at rest, meaning the data and log files. It also helps satisfy many guidelines and regulations established by different industries.

Note
You should immediately back up the certificates ...
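As an added example (not the book's own script), the following T-SQL enables TDE on a database by building the key hierarchy described above: a database master key in `master`, a server certificate, and a database encryption key protected by that certificate. It also backs up the certificate and its private key first, since without them an encrypted database cannot be restored on another server. The database name `SalesDb`, the file paths and the passwords are constructed placeholders.

```sql
-- The certificate that protects the database encryption key lives in master
USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-placeholder-password>';
GO
CREATE CERTIFICATE TdeCert WITH SUBJECT = 'TDE certificate';
GO

-- Back up the certificate and private key immediately (placeholder paths).
-- Store the files and password separately from the database backups.
BACKUP CERTIFICATE TdeCert
    TO FILE = 'C:\KeyBackup\TdeCert.cer'
    WITH PRIVATE KEY
    (
        FILE = 'C:\KeyBackup\TdeCert.pvk',
        ENCRYPTION BY PASSWORD = '<strong-placeholder-password>'
    );
GO

-- The database encryption key is created inside the user database
USE SalesDb;   -- assumed database
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeCert;
GO

-- Turn on encryption; data and log files are encrypted in the background
ALTER DATABASE SalesDb SET ENCRYPTION ON;
GO

-- Verify progress: encryption_state 2 = in progress, 3 = encrypted
SELECT DB_NAME(database_id) AS database_name,
       encryption_state,
       key_algorithm,
       key_length
FROM sys.dm_database_encryption_keys;
```

Note that `tempdb` is also encrypted once any user database on the instance has TDE enabled, and that the `sys.dm_database_encryption_keys` query is the check to repeat after a restore to confirm the database is still encrypted.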
