Transparent Data Encryption (TDE) – Encryptionizer vs. SQL Server
NetLib® Encryptionizer® TDE offers some important advantages over MS SQL Server’s Transparent Data Encryption (TDE):
- Encryptionizer provides Transparent Data Encryption for all versions of SQL Server from 2000 and later, and for all editions of SQL Server from Enterprise to Express (including LocalDB). SQL Server’s native TDE is available only in the Enterprise edition for SQL Server 2008 – 2017. Encryptionizer provides a single consistent platform across all versions and editions of SQL Server.
- Easy setup and configuration using point-and-click interface. No programming required.
- Possible to encrypt System databases including Master and TempDB.
- Database keys are stored outside of SQL Server, including alternate locations such as network, removable media, Encryptionizer Key Manager (EKM), or Townsend Security Alliance Key Manager (AKM)
- Encryptionizer’s Transparent Data Encryption has virtually no impact on database performance (<1%) on a properly sized server. Some benchmark reports show SQL Server TDE to have greater impact on performance closer to 5%
- Clients have found significant cost savings using SQL Standard and layering Encryptionizer versus purchasing SQL Server Enterprise Edition.
- Support for encrypting FILESTREAMS (SQL Server 2008 and later).
- Supports SQL Server Compressed Backups (WITH COMPRESSION) – resulting in encrypted and compressed backups.
- Simple implementation of Backup or DR machines using encrypted backups, log shipping, etc.
- Possible to dynamically encrypt non-database files and folders on the server, such as documents, spreadsheets, PDFs, Multimedia, Access databases, etc.
- Optional centralized key management with Encryptionizer Key Manager (EKM).
- Can integrate with Encryptionizer Desktop Edition to dynamically encrypt documents, spreadsheets and other result sets brought down to the desktop/laptop.
- Allows split knowledge of keys (PCI DSS)
- Separate from and outside of SQL Server Security
- Runs in FIPS 140-2 mode even without putting entire machine in FIPS mode.