TDE Alternatives for 2008 R2 Standard Edition

  • Question

  • We have a number of SQL Server 2008 R2 Standard Edition installations on Windows Server 2008 R2.  I need to protect the data at rest - i.e., encrypt the data and log files.  TDE would have been the ideal choice, but Standard Edition does not support TDE.

    Can you recommend any alternatives?  One product I saw is DBDefence, but I could find practically no reviews or comments about it, good or bad.  Regardless, the thought of interjecting a third party tool between Windows OS and SQL OS sounds scary to me.

    What do people normally do in this situation? Do they bite the bullet and get Enterprise Edition? Or do they use BitLocker or something similar where the drive itself is encrypted?  Does SQL Server even work in a BitLocker environment?

    Any help/suggestions would be welcome.  Thank you.

    Wednesday, March 9, 2016 6:30 PM

All replies

  • Upgrade to Enterprise edition.

    Yes, SQL Server will work with BitLocker.  BitLocker is invisible to the application.  However, there is overhead in BitLocker which will make it slower.

    • Proposed as answer by Ice Fan Thursday, March 10, 2016 4:41 AM
    • Marked as answer by JamesKJ Thursday, March 10, 2016 5:41 PM
    Wednesday, March 9, 2016 6:32 PM
  • Totally agree with Tom: move on to EE. I had something similar to BitLocker in the past and our MSDE 2000 went a little bit slow.
    • Marked as answer by JamesKJ Thursday, March 10, 2016 5:41 PM
    Wednesday, March 9, 2016 8:26 PM
  • Hi JamesKJ,

    Adding to Tom’s post, you can use symmetric or asymmetric encryption keys to encrypt data at SQL Server instance level and database level in SQL Server 2008 R2 Standard Edition.

    SQL Server has a service master key (SMK), which could be used for encryption at the SQL Server instance level, and a database master key (DMK) used to encrypt a database. Also, you can even encrypt at column level by creating a MASTER KEY ENCRYPTION along with CREATE CERTIFICATE and then CREATE SYMMETRIC KEY.

    For detailed information, please refer to the following articles.
    SQL Server and Database Encryption Keys (Database Engine)
    Encrypt a Column of Data
    SQL SERVER – Introduction to SQL Server Encryption and Symmetric Key Encryption Tutorial with Script

    Upgrading to enterprise edition (or not) depends on what level you need to encrypt data. And there is a similar thread for your reference.
    http://dba.stackexchange.com/questions/50355/options-for-data-encryption-in-sql-server-2008-r2-standard-edition

    Regards,
    Ice fan


    Ice Fan
    TechNet Community Support


    • Marked as answer by JamesKJ Thursday, March 10, 2016 5:42 PM
    Thursday, March 10, 2016 9:12 AM
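
The column-level sequence named in the reply above (master key, then certificate, then symmetric key), as an added T-SQL example that is not part of the original thread. The object names, the passphrase and the card number are constructed placeholders, and a scratch database is assumed.

```sql
-- Added example: names, passphrase and card number are constructed placeholders.
-- Database master key, protected by a passphrase (and by the service master key).
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<replace-with-strong-passphrase>';

-- Certificate whose private key is protected by the database master key.
CREATE CERTIFICATE DemoCardCert
    WITH SUBJECT = 'Demo cell-level encryption';

-- Symmetric key that encrypts the column values; protected by the certificate.
CREATE SYMMETRIC KEY DemoCardKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE DemoCardCert;

CREATE TABLE dbo.DemoPayment (
    CustomerId int            NOT NULL PRIMARY KEY,
    CardPanEnc varbinary(256) NOT NULL   -- holds ciphertext only
);

OPEN SYMMETRIC KEY DemoCardKey DECRYPTION BY CERTIFICATE DemoCardCert;

-- The authenticator (a hash of the row key) binds the ciphertext to its row,
-- so a value copied into another row will not decrypt there.
INSERT INTO dbo.DemoPayment (CustomerId, CardPanEnc)
VALUES (1, EncryptByKey(Key_GUID('DemoCardKey'), N'4111111111111111', 1,
                        HashBytes('SHA1', CONVERT(varbinary, 1))));

-- With the key open, the plaintext comes back.
SELECT CustomerId,
       CONVERT(nvarchar(19),
               DecryptByKey(CardPanEnc, 1,
                            HashBytes('SHA1', CONVERT(varbinary, CustomerId)))) AS CardPan
FROM dbo.DemoPayment;

CLOSE SYMMETRIC KEY DemoCardKey;

-- With the key closed, DecryptByKey returns NULL instead of raising an error.
SELECT CustomerId,
       DecryptByKey(CardPanEnc, 1,
                    HashBytes('SHA1', CONVERT(varbinary, CustomerId))) AS CardPan
FROM dbo.DemoPayment;
```

Only `CardPanEnc` is encrypted here; every other column and the rest of the data and log files stay in plaintext on disk. Back up the certificate with its private key, because losing it makes the column unrecoverable.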
  • Thank you Tom, Enric, and Ice for your thoughts.
    Thursday, March 10, 2016 5:41 PM
  • Adding to Tom’s post, you can use symmetric or asymmetric encryption keys to encrypt data at SQL Server instance level and database level in SQL Server 2008 R2 Standard Edition.

    But this is something very different from Transparent Data Encryption or BitLocker. The latter aims at protecting the data at rest. That is, someone who gets access to the file or the disk, will not be able to do anything with it. But anyone who has logged into the database can see anything.

    Cell-level encryption aims at encrypting specific columns. This can help prevent people who are inside the database from seeing the values. It can also make indexing a lot more difficult.

    Thursday, March 10, 2016 10:17 PM
  • I was forced to do that in 2012 in order to accomplish Spanish laws regarding Act Data for individuals in terms of sensible data like CVC, IBAN, Card PAN, things like that.
    Thursday, March 10, 2016 10:27 PM
  • If a third party solution is acceptable, may I suggest you evaluate NetLib Encryptionizer for SQL Server. It works with all versions and editions of SQL Server from Express to Enterprise.  (Disclaimer: I am with NetLib Security)
    Saturday, April 27, 2019 12:17 PM