locked
SQL Server database data encryption options 3rd party tools any? RRS feed

  • Question

  • SQL Server database data encryption options 3rd party tools any

    Can you suggest best options/tools to do the SQL Server data encryption after sending data(encrypt format) from database to application(decrypt data),it means data should encrypt in database level and send it application side,then decrypt data at application level.

    Any 3rd party tools or SQL Server data encryption options, can we use for data encrypt/decrypt?

    thanks
    Friday, April 29, 2016 1:49 AM

Answers

  • I am not sure about your requirement. In SQL Server we have Transparent data encryption  this encrypts data which is at rest. However a sysadmin or member of security admin can see the data.

    Data is not encrypted while application is reading the data to do that you would have to use SSL to encrypt the connection

    You cannot just restore backup of encrypted database, you need to have key to restore it. Also readBooks online about TDE


    Cheers,

    Shashank

    Please mark this reply as answer if it solved your issue or vote as helpful if it helped so that other forum members can benefit from it

    My TechNet Wiki Articles

    MVP

    Friday, April 29, 2016 11:25 AM
  • ... and in SQL Server 2016, we get "Always Encrypted", where the key is kept at the application side. I.e. a sysadmin can read the data, but it will be cipher-data. Need support in the client, though (and changing data type in the table for each encrypted column).

    Tibor Karaszi, SQL Server MVP (Web Blog)

    Friday, April 29, 2016 1:42 PM
  • Hi All thanks for reply.

    What we are looking is, data in transit as an example, application authentication from application server to database server (inflight) or data through network/wire to database server.  We would like to encrypt the data transmitting through network from various application servers to database servers.

    We do have SSL option with "Forced Encryption" but I'm looking at various other options and 3rd party tools.

    thanks 

    I don't remember ever working with any 3rd party wire encryption solutions. There are probably some out there, but not likely to be many. I'm guessing that's because it's hard to offer differentiating value to the user who can enable wire encryption easily using a built-in SQL Server feature. 

    Wire encryption is well known and commoditized. Is there some specific capability you need that isn't met by what SQL Server provides?



    No great genius has ever existed without some touch of madness. - Aristotle

    Friday, April 29, 2016 9:27 PM

All replies

  • If the user is a member of sysadmin server role, it is matter of time he/she will descrypt the valuable data 

    Do you want to encrypt the data or logic/algorithms? Make sure that end users do not have access to the sevrer/database, do not install (if it is possible) SSMS on their workstations


    Best Regards,Uri Dimant SQL Server MVP, http://sqlblog.com/blogs/uri_dimant/

    MS SQL optimization: MS SQL Development and Optimization
    MS SQL Consulting: Large scale of database and data cleansing
    Remote DBA Services: Improves MS SQL Database Performance
    SQL Server Integration Services: Business Intelligence

    Friday, April 29, 2016 9:28 AM
  • I am not sure about your requirement. In SQL Server we have Transparent data encryption  this encrypts data which is at rest. However a sysadmin or member of security admin can see the data.

    Data is not encrypted while application is reading the data to do that you would have to use SSL to encrypt the connection

    You cannot just restore backup of encrypted database, you need to have key to restore it. Also readBooks online about TDE


    Cheers,

    Shashank

    Please mark this reply as answer if it solved your issue or vote as helpful if it helped so that other forum members can benefit from it

    My TechNet Wiki Articles

    MVP

    Friday, April 29, 2016 11:25 AM
  • ... and in SQL Server 2016, we get "Always Encrypted", where the key is kept at the application side. I.e. a sysadmin can read the data, but it will be cipher-data. Need support in the client, though (and changing data type in the table for each encrypted column).

    Tibor Karaszi, SQL Server MVP (Web Blog)

    Friday, April 29, 2016 1:42 PM
  • Hi All thanks for reply.

    What we are looking is, data in transit as an example, application authentication from application server to database server (inflight) or data through network/wire to database server.  We would like to encrypt the data transmitting through network from various application servers to database servers.

    We do have SSL option with "Forced Encryption" but I'm looking at various other options and 3rd party tools.

    thanks 

    Friday, April 29, 2016 2:59 PM

  • We do have SSL option with "Forced Encryption" but I'm looking at various other options and 3rd party tools.

    thanks 

    You must ask in other relevant forums I am not sure you would get the information here

    Cheers,

    Shashank

    Please mark this reply as answer if it solved your issue or vote as helpful if it helped so that other forum members can benefit from it

    My TechNet Wiki Articles

    MVP

    Friday, April 29, 2016 5:10 PM
  • Hi All thanks for reply.

    What we are looking is, data in transit as an example, application authentication from application server to database server (inflight) or data through network/wire to database server.  We would like to encrypt the data transmitting through network from various application servers to database servers.

    We do have SSL option with "Forced Encryption" but I'm looking at various other options and 3rd party tools.

    thanks 

    I don't remember ever working with any 3rd party wire encryption solutions. There are probably some out there, but not likely to be many. I'm guessing that's because it's hard to offer differentiating value to the user who can enable wire encryption easily using a built-in SQL Server feature. 

    Wire encryption is well known and commoditized. Is there some specific capability you need that isn't met by what SQL Server provides?



    No great genius has ever existed without some touch of madness. - Aristotle

    Friday, April 29, 2016 9:27 PM