Transparent Data Encryption (TDE) – Encryptionizer vs. SQL Server
NetLib® Encryptionizer® TDE offers some important advantages over MS SQL Server’s Transparent Data Encryption (TDE):
- Encryptionizer provides Transparent Data Encryption for all versions of SQL Server from 2000 onward, and for all editions of SQL Server from Enterprise to Express (including LocalDB). SQL Server’s native TDE is available only in the Enterprise edition for SQL Server 2008 – 2017. Encryptionizer provides a single consistent platform across all versions and editions of SQL Server.
- Easy setup and configuration using a point-and-click interface. No programming required.
- Possible to encrypt System databases including Master and TempDB.
- Database keys are stored outside of SQL Server, including alternate locations such as network, removable media, Encryptionizer Key Manager (EKM), or Townsend Security Alliance Key Manager (AKM).
- Encryptionizer’s Transparent Data Encryption has virtually no impact on database performance (<1%) on a properly sized server. Some benchmark reports show SQL Server TDE to have a greater impact on performance, closer to 5%.
- Clients have found significant cost savings using SQL Standard and layering Encryptionizer versus purchasing SQL Server Enterprise Edition.
- Support for encrypting FILESTREAMS (SQL Server 2008 and later).
- Supports SQL Server Compressed Backups (WITH COMPRESSION) – resulting in encrypted and compressed backups.
- Simple implementation of Backup or DR machines using encrypted backups, log shipping, etc.
- Possible to dynamically encrypt non-database files and folders on the server, such as documents, spreadsheets, PDFs, multimedia, Access databases, etc.
- Optional centralized key management with Encryptionizer Key Manager (EKM).
- Can integrate with Encryptionizer Desktop Edition to dynamically encrypt documents, spreadsheets and other result sets brought down to the desktop/laptop.
- Allows split knowledge of keys (PCI DSS).
- Separate from and outside of SQL Server Security.
- Runs in FIPS 140-2 mode even without putting the entire machine in FIPS mode.
What is TDE and How Does It Work?
TDE (transparent database encryption) protects data files, data logs, backup files, and any data at rest on the server.
Encryptionizer’s Transparent Database Encryption encrypts entire database files. These encrypted databases cannot be accessed unless SQL Server, MySQL, or another application is configured with matching keys. This prevents anyone from stealing the database file and viewing or attaching it elsewhere. And it does this simply, with low maintenance and little or no impact on performance.
Take a look at How It Works for more detail.
This example uses SQL Server as the sample database management system; however, Encryptionizer works the same on any Windows-based database management system, such as MySQL, DB2 or PostgreSQL. It also supports other applications such as FTP servers and off-the-shelf or custom applications.