white papers

Transparent Data Encryption (TDE) – Encryptionizer vs. SQL Server

NetLib® Encryptionizer® TDE offers some important advantages over MS SQL Server’s Transparent Data Encryption (TDE):

  • Encryptionizer provides Transparent Data Encryption for all versions of SQL Server from 2000 and later, and for all editions of SQL Server from Enterprise to Express (including LocalDB). SQL Server’s native TDE is available only in the Enterprise edition for SQL Server 2008 – 2017. In only SQL 2019 did they introduce TDE in SQL Standard.  Encryptionizer provides a single consistent platform across all versions and editions of SQL Server – for your legacy systems as well as new.

  • Easy setup and configuration using point-and-click interface. No programming required.
  • Possible to encrypt System databases including Master and TempDB.
  • Database keys are stored outside of SQL Server, including alternate locations such as network, removable media, Encryptionizer Key Manager (EKM), or any other third-party Key Management system through plugins.
  • Encryptionizer’s Transparent Data Encryption has virtually no impact on database performance (<1%) on a properly sized server. Some benchmark reports show SQL Server TDE to have greater impact on performance closer to 5%
  • Clients have found significant cost savings using Encryptionizer  versus upgrading to SQL 2019.
  • Support for encrypting FILESTREAMS (SQL Server 2008 and later).
  • Supports SQL Server Compressed Backups (WITH COMPRESSION) – resulting in encrypted and compressed backups.
  • Support for Instant File Initialization.
  • Simple implementation of Backup or DR machines using encrypted backups, log shipping, etc.
  • Possible to dynamically encrypt non-database files and folders on the server, such as documents, spreadsheets, PDFs, Multimedia, Access databases, etc.
  • Can integrate with Encryptionizer Desktop Edition to dynamically encrypt documents, spreadsheets and other result sets brought down to the desktop/laptop.
  • Allows split knowledge of keys (PCI DSS)
  • Separate from and outside of SQL Server Security
  • Runs in FIPS 140-2 mode even without putting entire machine in FIPS mode.

What is TDE and How Does It Work?

The meaning of TDE (transparent database encryption) has to do with protecting data files, data logs, backup files, and any data at-rest on the server.

Encryptionizer’s Transparent Database Encryption encrypts entire database files. These encrypted databases cannot be accessed unless the SQL server, My SQL or other application is then configured with matching keys. This prevents anyone from being able to steal the database file and view or attach it elsewhere. And it does this simply, with low maintenance and little or no impact on performance.

Take a look at How t Works for more detail.

This example uses SQL Server as the sample Database Management system, however, Encryptionizer works the same on any Windows based Database Management System like MySQL, DB2 or PostgreSQL. It also supports other applications such as FTP servers, off-the-shelf or custom applications.

For more information about our NetLib® Encryptionizer® for data encryption view our case studies and additional white papers or request a fully functional evaluation today!